Incase  study:  Change  Agents  Succeed  at  Shell 


MARCH  15,  2002  •  $9.00  CIO.COITI 


The  Magazine  for  Information  Executives 


Maintenance  costs  are  rising 
Migration  costs  are  falling 
The  competition  is  moving 


INCLUDING 

How  to  figure  the  ROI 
How  to  sell  your  board 
Who  has  the  best  tools 

Page  56 


4 


SPECIAL  REPORT 

THE  TRUTH  ABOUT 
CYBERTERRORISM 

Page  66 

YOUR  INCIDENT 
RESPONSE  TOOLKIT 

Page  74 


Kevin  Murray,  American 
International  Group’s 
CIO,  showed  his  board 
that  legacy  modernization 
was  cheaper  than 
maintenance. 


You  shouldn't  have  to  adapt  your  company  to  fit  some  imposing  enterprise  software  design 
At  Lawson,  we  create  software  solutions  for  specific  industries.  Our  industry  experts  make  sure 
of  it.  The  result  is  proven  software  that  works  for  you.  With  deeper  functionality.  Fast,  seamless 


mplementation.  Rapid  return  on  investment.  Lower  total  cost  of  ownership.  And  experienced 
:onsulting  and  support  teams  to  meet  your  ongoing  needs.  Which  explains  why  many  of  our 
:ustomers  are  industry  leaders.  Details  await  at  www.lawson.com/truck7  or  call  1-800-477-1 357. 


Microsoft' 


2001  Microsoft  Corporation.  All  rights  reserved.  Microsoft,  Visio.  and  the  Office  logo  are  either  registered  trademarks  or  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries. 


*  I 

*  ifj 

See  what  I’m  saying? 


mBmmm s 


* 1  ' 

*  **jX  ‘  *. 


_ 


_ 


no 


CD 

4^ 

O  [ 

CO 

22 

o 

CO 

22 

U  ] 

n  [S  H  Port 

1 

Lfc  J  Port 

Ml 

EH  J  Port 

0  'j - j  8U2-A 

M  XZ 

rf=j]  802-B 

LLJ  2 

1  1 

802-C 

xz 

£ 

Port 
803-A  r'  Nl 


□ 


700] 


mm 


iSia 


5 

Port  _ 

803-B  r'  PT1 


□ 


S|#S£3 

HH 


Getting  a  19th-century  building  ready  for  21st-century  business  is  no  small  feat. 

Microsoft®  Visio®  2002  can  help  you  get  up  for  the  task  at  hand.  Create  crystal-clear  network 
and  telecommunications  schematics,  space  plans,  even  detailed  HVAC  layouts,  to  quickly 
communicate  just  what  goes  where,  when,  and  how.  And  with  the  flexibility  to  save  Visio 
diagrams  as  Web  pages  or  to  use  them  in  Microsoft  Office  documents  and  e-mail,  you 
can  make  sure  everyone  sees  a  job  well  done.  To  give  it  a  try,  visit  getvisio2002.com 
or  go  to  Internet  Keyword:  Microsoft  Visio.  Software  for  the  Agile  Business. 


Microsoft 


■  - 


nil  is  it  liudeinoik  of  Inlul  fomonilion  Of  its  sulttiitaiis  in  Ihn  Unilml  Slnliis  nml  nlliui  iiiuiiliins  <>  >7001  llnwldl  I'm  kind  (ompony.  All  iii|lils  iuvbivoiI 


«»»  *+22 


v  v- 


,  #c; 

%■  yWmL 


You've  been 


ing*  to  conjure  up  the  magic 


iiiimn 


combination  of  servers  and  operating  systems  that  will  finally  bring  together  your  company's 

various  departments.  Meanwhile,  sales  is  pushing  to  get  the  CRM  software 
installed  by  the  end  of  the  quarter.  Marketing  is  screaming  for  help  with  the 
new  Web  initiative.  Manufacturing  is  late  implementing  the  next  phase  of  the 
ERP  system.  And  you're  stuck  there  in  the  middle  of  the  crossfire,  glancing 
around  the  nerve  center  of  your  enterprise,  waiting  for  the  inspiration  to  arrive. 

It  would  help  if  the  servers  you  were  working  with  were  designed  for 
the  reality  of  today's  complex  business  environment. 

At  HP,  we  always  approach  servers  from  the  systems  level,  taking  the 
extra  time  to  consider  how  they  work  with  your  infrastructure  as  a  whole.  That's 
why  we  offer  a  broad  range  of  server  solutions  that  allow  you  to  choose  the 
ideal  OS  for  your  needs  and  preferences— from  high-end  enterprise  systems  to 
server  appliances  to  blades. 

All  come  bundled  with  sophisticated  management  tools  that  make  it 
easier  for  you  to  manage  your  infrastructure  across  multiple  operating  systems. 
And  as  codeveloper  of  the  next-generation  multi-OS  platform  — the  Itanium™ 
architecture  — HP  is  in  the  unique  position  to  make  future  upgrade  paths  a 
totally  seamless  experience. 

HP  infrastructure  solutions  — servers,  software,  storage,  services  and 
beyond— are  engineered  for  the  real  world  of  business.  Because  the  last  time 
we  checked,  that's  where  we  all  work.  Call  1.800.HPASKME,  ext.  246.  Or  visit 
www.hp.com/go/infrastructure. 

Infrastructure:  it  starts  with  you. 


invent 


VOL.  15  •  NO.  11  •  MARCH  15,  2002 


Cover  Story 

I.T.  INFRASTRUCTURE  I  56 

Pull  the  Plug  on 
Your  Legacy  Apps 

Despite  the  sluggish  economy  and  uncertain  business 
climate,  right  now  is  the  perfect  time  to  tear  down 
your  legacy  applications  and  start  over. 

By  Simone  Kaplan 


COVER  PHOTO  BY  ANDREW  KIST 


American  International 
Group  ClOnevin  Murray 
showed  his  board  a 
30  percent  savings  in 
legacy  maintenance  costs 
if  they  moved  from 
mainframe  to  thin  client. 


Features 


SPECIAL  REPORT:  CYBERSECURITY 
The  Truth  About  Cyberterrorism  I  66 

The  real  threat  is  to  critical  data,  not  to  property.  That’s  what 
CIOs  should  be  focusing  on.  By  Scott  Berinato 

How  to  Plan  for  the  Inevitable  I  74 

Think  you  can’t  afford  to  create  an  incident  response  plan?  Think 
again.  Here’s  a  budget-conscious  guide  to  getting  started. 

By  Sarah  D.  Scalet 


"To  us,  cyberterrorism  is  a  lower- 
level  threat,"  says  Marcus 
Kempe,  director  of  operations 
support  for  the  Massachusetts 
Water  Resource  Authority. 
“Could  a  computer  attack  get  us 
to  a  high-consequence  event? 
Probably  not."  Page  66 


PROFESSIONAL  SERVICES 
AUTOMATION  SOFTWARE 
RoboBoss  I  84 

Automating  your  workflow,  knowledge  management  and  billing 
processes  can  work  only  if  employees  and  managers  are  on  board 
ahead  of  time.  Otherwise  you’re  just  wasting  your  time  and  money. 
By  Preston  Gralla 

CASE  FILES  I  SHELL  I.T.  INTERNATIONAL 
Quick  Change  Artists  I  92 

How  Shell  Information  Technology  International  successfully 
navigated  the  rollout  of  new  security  standards.  By  Simone  Kaplan 

ADVANCED  TECHNOLOGY  DEVELOPMENT 
From  Their  Labs  to  Your  Desktop  I  100 

Tech-sawy  schools  like  to  share  what  they  know — but  only  if  you 
learn  how  to  ask.  By  Ben  Worthen 

MORE  ►►► 


X 

X 

X 


"ill  not  3lver 

"id  not 

"lit  not  give. 


"V  fti"Ck  Moneu 

Money 

noney 

wtj  (oinGU.  Money 


h  SieUl. 

to  Si ebel. 

to  Siehel. 
tb  Si .ebel. 

to  6iebel. 


-T  Welt  not  give.  nny  turn  Ok  money  U  suut. 
T  "ill  not  give,  Money  to  Si&be\. 

H  pvilf  not  C^iVe,  my  low <  y  to  Siebel. 

T_  will  not  give-  rng  .ytoSie-Ut. 


■y 


t o  Siebe/. 
to  Si ebel. 


x  "id  ^t 


Don’t  get  bullied. 


New  Enterprise  CRM  from  salesforce.com.  Get  Smart. 

The  days  of  the  enterprise  software  bullies  emptying  your  wallet  with  up-front  costs  and  failed 
deployments  are  over.  Why  pay  for  expensive  software  and  hardware,  lengthy  implementations  and 
costly  consulting?  New  Enterprise  CRM  from  salesforce.com  immediately  answers  all  your  needs 
while  delivering  where  it  counts  —  your  bottom  line.  Over  3,800  companies  have  already  learned 
this  lesson  including  Adobe,  Dow  Jones  Newswires,  Fujitsu,  Siemens  and  USA  Today.  How  about  you? 
Don’t  get  bullied.  Get  smart.  Get  salesforce.com.  _  - 

salesforce.com 

#1  CRM.  Online.  Offline. 


Call  I.800.NOSOFTWARE  or  visit  www.salesforce.com 

and  enter  promo  code  K0313  for  a  FREE  TEST  DRIVE  ! 


©  2002  salesforce.com 


There's  a  Dell  PowerEdge  server  for 
every  kind  of  business. 

From  "kind  of  start  up"  to  "kind  of  FORTUNE  500.®" 


fill! 

\!iss«pt 

: 

I  ••••••••••••##< 


ill 


***  w 

ill* 


litltl 


!!!!!••••••! 

••••••••••v 

'•••«••**«* 

'•••••Ml 

'•'•••••MM 

••••••MMM 

•IIIIIIMMI 
••••IIMMM 

••••••MMM 

MMMMMM 

•  •••MMMM  . . . 

MMMMMM MMMMMM 


I::::::::::: 

^  I 

/.••••••••••I 

•MMMMmI 
•••••mm 
••••••••mm] 

""••Ml 

••••••••••••  I 

•"••••••••» 

•  •••MMMM 

•  •••••••MM 

•  ••••••MM* 

•  ••••MMM* 
MMMMMM 

I  _ _ .1..,,  MMMMMM 

•  •••••••••••  MMMMMM 

•  •••••••••••  MMMMMM 

«•••••••••••  ••••••••••••  | 

••••••••••••  •••*•••••••• 

•  •••••••••••  •••••••••••*• 

••••••••••••  •••••!!!!**• 

•*••••••••••  •••  ••'•• 

*•••••••••«•  J!!!!!!! 

ttllllllMI*  *••••••••♦•* 

!!!!!:*•••••  •»•••••••**• 

iiiiiiiiiii: 


mmmmm 

•  •••MMM 
MMMMM 


:::::::: 

•  Sm'mS 
•••!!!!! 


••••••••••••••• 

••••••••••••••• 

###•••••••••••• 

##•••••••••••«* 

•if 

. . . 


4600  A 


Ask  about 


I  No  matter  the  size  of  your  company,  we've  got  a  server  that  fits.  Dell  PowerEdge  servers  have  many  amazing  "abilities": 

scalability,  availability,  manageability  and  serviceability.  So  we  grow  with  your  business,  minimize  downtime,  are  easy  to 
integrate  and  even  easier  to  support.  No  matter  what  your  business  needs  -  from  file/print  to  database  management  -  you 
can  choose  the  Microsoft®  Windows®  2000  server  solution  that  is  right  for  you.  And,  by  dealing  directly  with  Dell,  you  get  a 


0"A 

QuickLease 

for  qualified  customers 


system  customized  to  fit  your  business  needs,  at  an  affordable  price,  backed  by  our  award-winning  service  and  support.  It's  a  nice  mix  of  exactly  the  server 


you  need  and  exactly  the  server  you  want. 


Dell  |  Small  Business 

PowerEdge™  1500SC  Server 


Dell  Rated  #1  in  Intel  Server  Satisfaction 

Technology  Business  Research 
Corporate  IT  Buying  Behavior  and  Customer  Satisfaction  Study 

3rd  Quarter 
-  December  2001 

PowerEdge™  2500  Server 


NEW  Simple  and  Strong  Server 

•  Intel®  Pentium®  III  Processor  at  1.13GHz 

•  Dual  Processor  Capable 

•  128MB  133MHz  ECC  SDRAM 

•  18GB5  (10K  RPM)  Ultra3  SCSI  Hard  Drive 

•  Embedded  Dual-Channel  Ultra3  SCSI  Controller 

•  Embedded  Gigabit  NIC 

•  1-Yr  Next  Business  Day  On-Site  Service,3 1-Yr  Limited  Parts 
Warranty,2 1-Yr  24x7  Dedicated  Server  Phone  Tech  Support 

$35/mo.,  48  mos." 

VALUE  Code: 

1144-290312 


Recommended  upgrades: 

•  NEW  PowerConnect”  2124* *  24-Port  Unmanaged  Switch 
with  Gigabit  Port,  add  $299 

•  System  including  Small  Business  Server  2000  and 
memory  upgrade  to  256MB  is  $2699 


Robust  and  Scalable  Server 

•  Intel®  Pentium®  III  Processor  at  1 .1 3GHz 

•  Dual  Processor  Capable 

•  128MB  133MHz  ECC  SDRAM 

•  18GB5  (10K  RPM)  Ultra3  SCSI  Hard  Drive 

•  Embedded  Dual-Channel  Ultra3  SCSI  Controller 

•  Embedded  Intel®  10/100  NIC 

•  Hot-Plug,  Redundant  Cooling  Fans 

•  Optional  Hot-Plug,  Redundant  Power  Supplies 

•  Optional  Embedded  Dual-Channel  RAID  Solution 

•  3-Yr  Next  Business  Day  On-Site  Service3 


*1899 


QuickLoan:  $50/mo.,  48  mos." 

©  E-VALUE  Code: 


11144-290318 


Recommended  upgrades: 

•  PowerConnect”  3024*  24-Port  Managed  Switch,  add  $699 

•  System  including  Windows®  2000  server  is  $2699 


Pentium®//! 

I  m  mm 


PowerEdge™  1650  Server 

NEW  Highly  Available  1U  Rack-Optimized  GP  Server 

•  Intel®  Pentium*  III  Processor  at  1.13GHz 

•  Dual  Processor  Capable 

•  128MB  133MHz  ECC  SDRAM 

•  18GB5  (1  OK  RPM)  Ultra3  SCSI  Hard  Drive 

•  Dual  Embedded  Gigabit  NICs 

•  Hot-Plug,  Redundant  Cooling  Fans 

•  Optional  Embedded  Dual-Channel  RAID  Solution 

•  Optional  Redundant  Power  Supplies 

•  3-Yr  Next  Business  Day  On-Site  Service3 


PowerEdge™  2550  Server 

2U  Rack-Optimized  Performance  and  Scalability 

•  Intel®  Pentium®  III  Processor  at  1 .1 3GHz 

•  Dual  Processor  Capable 

•  128MB  133MHz  ECC  SDRAM 

•  18GB5  (10K  RPM)  Ultra3  SCSI  Hard  Drive 

•  Dual-Channel  Integrated  Ultra3  SCSI  Controllers 

•  2  Embedded  NICs  -  One  Gigabit  and  One  Intel®  10/100 

•  Optional  Embedded  Dual-Channel  RAID  Solution 

•  Optional  Redundant  Power  Supplies 

•  3-Yr  Next  Business  Day  On-Site  Service3 


*1699 


QuickLoan:  $  45/mo. ,  48  mos.1 

E-VALUE  Code: 
11144-290316 


©: 


*1799 


QuickLoan:  $48/mo„  48  mos." 

©  E-VALUE  Code: 


' 11144-290317 


Recommended  upgrade:  Recommended  upgrades: 

®  System  including  Windows®  2000  sewer  is  $2499  •  Redundant  Power  Supplies,  add  $229 

•  System  including  Windows®  2000  server  is  $2599 


Servers  for  any  size  business.  Easy  as 


D0LL 


Visit  www.dell.com/cio  or  call  toll  free  1-877-334-3355. 


Dell  PCs  use  genuine  Microsoft®  Windows® 

Call:  M-F  7a-8p  Sat  8a-5p  CT  . 

Pricing,  specifications,  availability  and  terms  of  offer  may  change  without  notice.  Taxes  and  shipping  charges  extra,  and  vary.  U  S.  Dell  Small  Business  (BSD  and  BASD)  new  WWW.nHCrOSOIt.COin/piracy/hOWtOtell 
purchases  only.  Dell  cannot  be  held  responsible  for  errors  in  typography  or  photography. 

’This  device  has  not  been  approved  by  the  Federal  Communications  Commission  for  use  in  a  residential  environment.  This  device  is  not,  and  may  not  be,  offered  for  sale  or 
lease,  or  sold  or  leased  for  use  in  a  residential  environment  until  the  approval  of  the  FCC  has  been  obtained. 

‘For  a  copy  of  our  Guarantees  or  Limited  Warranties,  write  Dell  USA  L.P,  Attn:  Warranties,  One  Dell  Way.  Round  Rock.  Texas  78682.  -'Service  may  be  provided  by  third  party: 

Technician  will  be  dispatched,  if  necessary,  following  phone-based  troubleshooting.  To  receive  Next-Business-Day  service,  Dell  must  notify  service  provider  before  5  pm 
(depending  on  service  contract)  customer's  time.  Availability  varies.  'For  hard  drives,  GB  means  1  billion  bytes;  accessible  capacity  varies  with  operating  environment. 

"Monthly  payment  is  based  on  a  48-month  12.49%  interest  rate  for  qualified  business  customers.  Your  interest  rate  and  monthly  payment  may  be  same  or  higher,  depending 
on  your  creditworthiness.  OFFER  VARIES  BY  CREDITWORTHINESS  OF  CUSTOMER  AS  DETERMINED  BY  LENDER.  Taxes,  fees  and  shipping  charges  are  extra  and  may  vary 
Minimum  transaction  size  of  $500  is  required.  Maximum  aggregate  financed  amounts  not  to  exceed  $25,000.  Not  valid  on  past  orders  or  financing.  QuickLoan  is  from  CIT 
OnLine  Bank  to  Dell  Small  Business  (BSD)  customers  with  approved  credit.  '‘QuickLease  arranged  by  Dell  Financial  Services  L.P.,  an  independent  entity,  to  qualified  Small 
Business  (BSD  and  BASD)  customers.  0%  leasing  offer  only  applicable  for  a  24-month  Fair  Market  Value  (FMV)  QuickLease  and  valid  on  hardware  products  only.  Applicable 
taxes,  fees  and  shipping  not  included.  Minimum  transaction  size  of  $500  is  required.  At  the  end  of  the  FMV  QuickLease  term,  the  Lessee  shall  have  the  following  options: 

Purchase  the  equipment  for  the  then  FMV,  renew  the  lease  or  return  the  equipment  to  the  Lessor.  Please  contact  your  Dell  Financial  Services  representative  for  further 
details.  All  terms  are  subject  to  credit  approval  and  availability  and  are  subject  to  change  without  notice.  Not  valid  on  past  orders  or  leases.  Dell,  the  stylized  E  logo. 

E-Value,  PowerEdge  and  PowerConnect  are  trademarks  of  Dell  Computer  Corporation.  Intel,  Intel  Inside,  Pentium  and  Celeron  are  trademarks  or  registered  trademarks 
of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  MS.  Microsoft,  and  Windows  are  registered  trademarks  of  Microsoft  Corporation. 

©2002  Dell  Computer  Corporation.  All  rights  reserved. 


© 

USE  THE  POWER  OF 
THE  E-VALUE  CODE. 

Match  our  latest  technology 
with  our  latest  prices.  Enter  the 

E-VALUE  code  online  or  give  it 

VALUE 

to  your  sales  rep  over  the 
phone  www.dell.com/evalue 

Columns 

DAVENPORT  ON 
Enterprise  IT  at  the 
Crossroads  I  36 

Companies  need  to  use  technology  for 
long-term  business  advantage  while  making 
short-term  cost  cuts.  By  Tom  Davenport 

WORLDVIEW 
When  Face-to-Face 
Doesn’t  Fly  I  43 

With  travel  budgets  slashed,  conferencing 
technologies  can  help  global  companies  fill 
the  communication  void,  but  only  up  to  a 
point.  By  David  Dobrin 

ASK  THE  EXPERT 
Gearing  Up  for 
Globalization  I  120 

Katarina  Bonde,  CEO  of  technology 
provider  Glides,  on  the  challenges  of 
globalizing  and  localizing  the  Web. 

Sections 

TRENDLINES  I  24 

Method  to  March  Madness;  Sheep  thrills; 
Watch  your  wireless  network;  Commando 
CEO.  And  more 
WASHINGTON  WATCH  I  28 
EPA  targets  computer  recycling. 

OFF  THE  SHELF  I  32 
Managing  the  Unexpected  and 
Developing  Global  Executives; 

Book  Talk;  CIO  Best-Sellers 


HOTSEAT I  46 

Your  Guide 
to  Managing 

Strategic  Planning 

CIOs  have  two  important  parts  to  play 
when  it  comes  to  strategy — and  they’re  not 
easy.  By  Mark  Gordon 

Multitasking  I  50 

Tallying  the  cost  of  multitasking  and 
turning  it  into  a  tool. 

Leadership  Imperative  I  52 

The  new  CIO  mantra:  Shut  up  and  listen. 

If  Marriott  CIO  Carl  Wilson  hadn't  been 
involved  in  strategic  planning  for  CRM, 
he  might  have  “messed  it  up,”  he  says. 


EMERGING  TECHNOLOGY  I  108 

Wireless  data  will  get  a  boost  in  2002 — but 
how  much  of  one  depends  on  whom  you 
ask.  By  Danielle  Dunne 

COMPANIES  TO  WATCH  I  112 

Red-M:  Cutting  those  wires. 

UNDER  DEVELOPMENT  I  114 

A  quantum  physics  breakthrough  leads  to 
mysterious  possibilities — and  skepticism. 

REVISIT  I  116 

Computer-aided  visualization  looks  to 
bring  data  to  life. 

PREDICTIONS  I  116 

Ethernet  all  the  way. 


In  Every  Issue 

FROM  THE  EDITOR  I  16 
Courage 

CIOs  need  to  be  more  aggressive,  confident 
and  brave.  By  Abbie  Lundberg 

INBOX  I  20 

Reader  feedback 

INDEX  I  129 

EXECUTIVE  SUMMARY  I  130 

Abstracts  of  all  the  feature  stories  found 
in  this  issue. 


“Most  organizations  need  a  bifocal  strategy  with 
enterprise  IT— short-term  cost  reduction  and 
long-term  competitive  positioning.  Of  course, 
bifocals  can  initially  be  disorienting.” 

-Tom  Davenport,  CIO  columnist  Page  36 


10  CIO  MARCH  15,  2002  •  www.cio.com 


WAS  A  WICKED  HAIRCUT. 


Introducing  Sun’s  complete  storage  solutions.  A  new  approach 
to  storage  that  can  make  you  look  pretty  sharp. 

In  today’s  complex,  data-hungry  IT  environment,  storage  has  to  be  a  lot  more  than  just  a  box.  You  need  your  storage  to  be  an 
integrated  part  of  your  entire  IT  infrastructure.  How  are  you  going  to  get  there?  With  complete  storage  solutions  from  Sun.  By 
thinking  about  your  IT  infrastructure  as  a  whole,  you  can  reduce  complexity  throughout  your  enterprise.  And  with  Sun  StorEdge" 
this  practical  approach  to  storage  now  exists.  All  of  Sun’s  new  storage  products  -  software,  hardware  and  services  -  are  part  of 
Sun’s  end-to-end  IT  infrastructure.  And  all  of  our  products  are  optimized  for  the  Solaris"  Operating  Environment,  yet  open  to 
heterogeneous  environments.  Everything  can  now  work  as  one.  And  that  means  more  utilization  of  your  storage  resources,  with 
unparalleled  uptime  and  a  lower  cost  of  ownership,  even  if  you’re  on  a  multi-vendor  system. 


SUN'S  NEW  STORAGE  OFFERINGS 


Software 

With  the  new  Sun  StorEdge  software  suites, 
you  have  complete  control  over  all  your 
storage  resources: 


Systems 

Our  storage  systems,  ranging  from  the 
workgroup  to  the  data  center,  are  optimized 
to  your  environment: 


Services 

Sun’s  services  team  can  help  you  build  a 
storage  environment  custom-fit  to  your 
enterprise. 


Availability  Suite:  for  increased  uptime  and 
rapid  recovery  from  disasters. 

Utilization  Suite:  so  you  can  uncover  every 
nook  and  cranny  of  available  storage. 

Resource  Management  Suite:  lets  you 
proactively  manage  your  storage  capacity. 

Performance  Suite:  provides  quick  data 
access,  continually  protected  information 
and  our  new  next-generation  file  system. 


Industry-Leading  Scalability 


Traditional  file  systems  Sun  QFS  &  SAM  -  FS 


New  Sun  StorEdge  3900  series:  delivers  the 
best  high-performance  computing  available. 


New  Sun  StorEdge  6900  series:  integrated 
virtualization  technology  lets  you  pool 
every  last  byte  of  storage  capacity  and 
share  it  across  multiple  systems,  so  you 
can  consolidate  all  your  storage  resources. 


The  Sun  StorEdge  9900  series:  simply  delivers 
best-in-class  storage  performance,  five-9s 
availability  and  connectivity  for  your 
mission-critical  data  center. 


Because  our  focus  isn’t  limited  to  storage, 
you  can  benefit  from  our  comprehensive 
understanding  of  the  interdependence 
between  your  storage,  servers,  software 
and  the  network. 

We  can  also  provide  handy  assistance  on 
everything  from  general  consulting  and 
implementation  to  the  finer  points  of  data 
management  planning. 

Finally,  because  we  know  prevention  is 
the  best  medicine,  we  offer  Sun  StorEdge 
Remote  Response:  pre-emptive  support 
that  gives  you  round-the-clock  monitoring 
of  your  storage. 

You  get  everything  you  need  to  maximize 
your  return  and  minimize  your  costs. 


(  ^ 

Storage  for  Solaris  or  a  heterogeneous  environment?  Why  not  both? 

If  you’re  already  using  Sun’s  rock-solid  servers  and  award-winning  Solaris  Operating  Environment  (rated  the  #1  OE  by 
D.H.  Brown  Associates),  you  can  be  sure  that  Sun  StorEdge  is  optimized  to  get  the  most  out  of  your  storage  resources. 
And  if  your  environment  includes  other  operating  systems  and  server  platforms  (such  as  NT,  Linux  or  AIX),  our 
open  solutions  will  make  your  storage  work  harder  and  smarter. 

V _ J 


For  more  information  on  Sun’s  complete  storage  solutions,  all  you  have  to  do  is  take  the  first  step. 

Visit  www.sun.com/sunstorage,  or  contact  your  Sun  representative. 

&Sun 

microsystems 


m 


NECTIONS 


Find  these  stories  and  other  resources  in 
the  Web  Connections  box  at  www.cio.com. 


LEARN  MORE 


Debunking  the  threat 
to  utilities 


Marcus  Kempe, 
director  of  operations 
support,  MWRA 


In  “The  Truth  About  Cyberterrorism” 

(Page  66),  Senior  Writer  Scott 
Berinato  explores  what’s  real— and 
what  isn’t— about  the  threat  of 
cyberterrorism.  As  part  of  his  report¬ 
ing,  Berinato  got  an  in-depth  look  at 
the  Massachusetts  Water  Resource 
Authority’s  IT  security  with  Director 
of  Operations  Support  Marcus 
Kempe.  Read  his  account  by  going  to 
the  Web  Connections  box  at  CIO.com. 

WEIGH  IN 

How  do  you  get  user  buy-in? 

Whether  you’re  implementing  professional 
services  automation  software  (“RoboBoss,” 
Page  84)  or  making  big  changes  (“Quick 
Change  Artists,”  Page  92),  it’s  money  down 
the  drain  if  the  people  who  are  supposed  to 
use  the  new  system  don’t.  Share  your  secrets 
for  aiding  adoption— early  and  otherwise. 


CIO  Reader  Poll 

Can  remote  conferencing  technologies  replace 
the  face-to-face  meeting? 

As  this  issue’s  World  View  column  (Page  43)  points  out,  before  Sept.  11, 


What’s  New  in  the 
Security  Research  Center 

Responding  to  security  problems 

NEW  SECTION  Do  you  know  what  to  do 
when  you’ve  been  hacked?  The  new 
Responding  to  Problems  area  features  the 
CIO  Cyberthreat  Response  &  Reporting 
Guidelines,  a  collaboration  among  industry 
professionals,  law  enforcement  and  CIO 
magazine  for  dealing  with  computer  secu¬ 
rity  incidents.  Also  included  are  resources 
for  what  to  do  after  an  incident  and  lists  of 
agencies  to  contact.  Go  to 
www.cio.com/security. 


Enron  IT-a  tale  of  excess 
and  chaos 


ONLINE  EXCLUSIVE  Enron  spent  money 
on  IT  like  there  was  no  tomorrow.  And 
now  there  isn’t.  To  read  the  IT  angle 
on  the  Enron  debacle,  check  out 

www.cio.com/security. 


Our  Daily  Web 

Monday  Tech  Tact 

Technology  Editor  Chris¬ 
topher  Lindquist  covers 
what’s  coming  and  what 
it's  good  for. 


Tuesday  CIO  Radio 

Web  Writer  Danielle  Dunne  talks  with  the 
experts. 


Wednesday  Metrics 

Web  Writer  Jon  Surmacz 
finds  the  industry  num¬ 
bers  that  matter. 

THURSDAY  Sound  Off 

Read  the  column  that 
takes  a  stand  on  manage¬ 
rial,  political  and  ethical 


dilemmas  that  confront  CIOs  daily. 


if  a  meeting  was  really  important,  you  had  to  be  there.  After  Sept.  11,  the 
travel  picture  has  changed.  Are  videoconferencing  and  its  allies  suitable 
replacements?  Weigh  in  at  www.cio.com/readerpoll. 


Friday  35  Cent  Consultant 

Executive  Editor  Derek  Slater  gives  advice 
worth  the  price. 


4  CIO  MARCH  15,  2002 


www.cio.com 


PHOTO  LEFT  BY  FURNALD/GRAY 


ORACLE  #1,  IBM  #2,  BEA  #3 


Organizational  Penetration  of  Application  Servers 
Suppliers  in  North  America 


Oracle9/AS 
IBM  WebSphere 

BEA  WebLogic 
Sybase  EA  Server 
iPlanet  Application  Server 

Other 

SilverStream 


0  5  10  15  20  25  30  35  40 

%  of  Companies  Who  Deployed  (of  Application  Server  Adopters) 


Independent  analyst  survey  shows 
Oracle's  application  server 
has  more  customers 
than  IBM  or  BEA. 


Source:  Hurwitz  Group,  August,  2001 
IT  Decision-Makers  Study,  N=150 


oracle.com/hurwitz 
or  call  1.800.633.1072 


Copyright  ©2001  Oracle  Corporation.  All  rights  reserved.  Oracle  is  a  registered  trademark  of  Oracle  Corporation 
Other  names  may  be  trademarks  of  their  respective  owners. 


From  the  Editor 

lundberg@cio.com 


Want  to  hone  your  leadership 
skills?  Visit  our  Leadership 
and  Management 
Research  Center  at 

www.  c/o.  com/leadership. 


Courage 


I  was  in  Austin,  Texas,  for  the  last  couple  of  days, 
primarily  to  speak  at  a  conference  on  homeland 
defense  and  critical  infrastructure  hosted  by  the 
Texas  attorney  general’s  office.  While  I  was  in 
town,  I  hosted  a  breakfast  for  some  of  our  Austin- 
area  readers. 

There  were  about  a  dozen  of  us,  and  the  con¬ 
versation  was  so  good  I  thought  I’d  share  some  of 
the  highlights. 

We  talked  a  lot  about  leadership  and  the  ability 
of  CIOs  to  deliver  value,  and  the  discussion  took 
some  interesting  turns.  For  one  thing,  a  number  of 
CIOs  expressed  the  belief  that  technology  itself  had 
more  or  less  plateaued — that  things  from  a  tech¬ 
nological  standpoint  were  getting  easier  and 
becoming  more  stable.  So  CIOs  have  an  easier  time 
with  the  service  part  of  their  job,  providing  “dial 
tone”  and  applications  to  support  the  business  as 
it  exists  today.  This  is  giving  them  more  time  for  the 
business  leadership  part  of  their  job,  and  with  CIOs 
that  generally  means  thinking  about  how  IT  can 
transform  things. 

At  the  same  time,  there  appears  to  be  a  back¬ 
lash  within  their  organization  to  all  the  hype  that’s 
been  dished  out  by  high-tech  vendors  during  the 
past  five  years.  CEOs  and  other  executives  who 
bought  in  to  the  hype  have  become  jaded  and  skep¬ 


tical  of  even  the  most  reasonable  of  value  claims — 
especially  when  it  involves  transformation.  Conse¬ 
quently,  CIOs  themselves  must  increasingly  don  the 
mantle  of  marketer  and  find  a  way  to  sell  the  real 
value  of  what  this  stuff  can  actually  do. 

Together,  these  two  trends  add  up  to  one  con¬ 
clusion:  To  succeed  today,  CIOs  need  to  become 
“more  aggressive,  confident  and  brave,”  as  one 
CIO  put  it.  They  need  to  be  creative  and  engage 
their  business  partners’  imagination  about  what  the 
future  might  look  like.  And  they  need  to  be  will¬ 
ing  to  confront  people — to  really  fight  for  what 
they  know  to  be  true.  To  sit  back  and  just  assume 
a  service  mentality  is  to  shirk  responsibility. 

This  means  staying  with  one  job  for  much  longer 
than  the  current  average.  “CIOs  need  to  stick  it 
out  and  fight  the  fight,”  said  one  CIO. 

“Longevity  helps,”  agreed  another,  who  de¬ 
scribed  his  initial  four  years  of  struggling  to  be 
heard  and  making  little  headway,  but  through  per¬ 
severance,  the  tide  turned,  with  the  next  four  years 
bringing  significant  progress  (and  some  really 
impressive  results). 

It  sounds  to  me  like  the  profile  of  a  successful 
CIO  in  2002  is  more  like  that  of  an  explorer  or  a 
revolutionary  than  a  servant  or  technician.  It  takes 
confidence,  endurance  and  real  courage. 


,  2002  •  www.cio.com 


16  CIO 


MARCH  15 


PHOTO  BY  JASON  GROW/SABA 


NTT  Communications  Group  Offices 

Japan  •  USA  •  Brazil  •  UK  •  France  •  Germany  •  Netherlands  •  Belgium  •  Switzerland  •  Italy  •  Spain  •  Korea  •  China 
•  Hong  Kong  •  Taiwan  •  Vietnam  •  Thailand  •  Indonesia  •  Singapore  •  Malaysia  •  Philippines  •  Sri  Lanka  •  Australia 

*  A  full  service  offering  may  not  be  available  in  some  areas. 


Now  that  NTT  Communications  has  joined 
forces  with  Verio,  there's  a  solutions  provider 
with  the  power  to  meet  your  Internet  needs 
end-to-end  and  top-to-bottom. 


www.ntt.com/verio 

For  further  information,  contact  : 
NTT  Communications  Corporation, 
nttverio@ntt.com 


As  NTTA/ERIO,  we  operate  a  global  Tier  1 
IP  network  with  an  industry-leading  SLA.  We 
offer  seamlessly  integrated  IP  solutions,  from 
maximally-secure  VPNs  and  fail-safe  hosting 
to  consultation  and  24/7  maintenance.  Our 
one-stop  solutions  also  cover  ATM  and  Frame 
Relay,  supplied  through  our  Arcstar  global 
managed  data  network  services. 


Just  as  importantly,  we  have  the  breadth  ol 
experience  and  the  deep  financial  resources 
that  are  your  best  assurance  we'll  be  there  to 
support  you  for  a  long  time  to  come. 


Yoifto/ant  to  go  farther. 

You  need  an  IP  solutions  provider 
that  can  go  the  distance. 


GLOBAL  SLA 


AMERICAS 


Arcstar  GLOBAL 
NETWORK 


EUROPE 


ASIA 


GLOBAL  IP  NETWORK 


DATA  CENTER 


GLOBAL  SERVER  LOAD  BALANCING 
(Smart  Content  Delivery) 


JAPAN 


IP-VPN 

(IP  Sec  Type;  Global  IP 
Security  Gateway  Service) 
(Multi-protocol  label 
switching  (MPLS)  Type) 


NTT/ VERIO 


•  « 


COMPAQ  WIRELESS  SOLUTIONS. 

HOW  TO  TAKE  YOUR  SYSTEMS  ON  THE  ROAD. 

In  the  world  of  sales,  time,  or  downtime,  is  money.  To  get  a  jump  on  your  competition  and  act  on 
opportunities,  your  people  need  to  update  sales  orders  and  profile  sheets,  submit  call  reports  or 
send  e-mails  all  the  time,  wherever  they  are.  For  these  people  we  make  Compaq  wireless  solutions* 
They're  built  around  wireless  infrastructures  designed  by  the  experts  at  Compaq  Global  Services. 
They  run  powerful  enterprise-level  apps  from  our  specialized  partners  like  Siebel.  And  each 
wireless  solution  connects  products  like  the  versatile  iPAQ  Pocket  PC  or  ultra-portable  Compaq  Evo 
Notebook  N200  (pictured  above)  with  Ultra-Low-Voltage  Intel®  Pentium®  III  Processor-M.  In  today's 
business  climate,  your  people  should  never  be  out  of  commission.  Stay  on  track  with  Compaq. 


Start  by  calling 
Compaq  Global  Services. 

Whether  you  need  an  entire 
wireless  infrastructure,  or 
you  simply  need  to  add  key 
components,  we  can  plan  and 
integrate  the  right  solution 
for  you.  You  can  buy  either 
24X7  or  9X5  CarePaq™  service 
support. 

$0  DOWN,  0%  LEASE  RATE** 


EVO  NOTEBOOK  N160 

STARTING  AT  $1,399 

LEASE  FOR  AS  LOW  AS  $59/mo. 

•  Affordable  performance  &  mobility 

•  Intel®  Celeron®  processor  1.06GHz 

•  14.1-inch  TFT  XGA  display 

•  12.8MB  SDRAM  (133MHz) 

•  20GB  hard  drive 

•  Integrated  DVD/ROM 

•  Mini  PCI  v.92  modem 

•  Integrated  10/100  NIC 

•  Microsoft®  Windows®  98  SE 

•  1-year  limited  worldwide 
warranty*" 


iPAQ  POCKET  PC  3850 

STARTING  AT  $599 

LEASE  FOR  AS  LOW  AS  $25/mo. 

•  Sleek,  ergonomic  and  loaded 

•  206MHz  Intel®  StrongARM 
SA-1110  32-bit  RISC  processor, 
64MB  SDRAM 

•  32MB  Flash  ROM  memory 

•  Reflective  TFT  display  with 
64K  colors 

•  Built-in  secure  digital  slot  for 
memory  expansion 

•  Microsoft®  Pocket  PC  2002 
operating  system 

•  Pocket  Outlook  and  Pocket  Office 

•  Handwriting  recognition 

« Virtual  keyboard 

•  Character  recognition 

•  Voice  recorder 


EVO  NOTEBOOK  N200 

STARTING  AT  $1,799 

LEASE  FOR  AS  LOW  AS  $75/mo. 

•  Powerful,  highly  mobile  ultra-portable 

•  Ultra-Low-Voltage  Mobile  Intel® 
Pentium®  III  processor  700MHz 

•  192MB  SDRAM  standard 
(100MHz) 

•  10.4-inch  TFT  XGA  display 

•  1.13  kg  (2.5  lbs) 

•  Single  internal  battery 

•  20GB  user-removable  SMART 
hard  drives 

•  Integrated  Mini  PCI 

•  Modem/NIC  Combo 

•  90%  keyboard 

•  Microsoft®  Windows®  2000 

•  1-year  limited  worldwide 
warranty*** 


to  find  out  how  to  deploy  a  wireless  solution 

visit  Compaq  global  services  at  compaq.com/mobility 

or  call  1-800-AT-COMPAQ 


Compaq  PCs  use  genuine  Microsoft®  Windows® 
www.microsoft.com/piracy/howtoteil 

Prices  reflect  current  Internet  list  pricing  at  time  of  printing  and  are  subject  to  change.  SB  W 

'Wireless  LAN  or  WAN  capability  provided  via  wireless  air  card.  Subject  to  wireless  network  coverage.  Wireless  airtime  contract  required.  "0%  lease  rate  assuming  lessee  does  not  exercise  a  fair  market  value 
purchase  option  at  the  end  of  the  lease  term  and  timely  returns  leased  equipment  to  Compaq  Financial  Services  Corporation  at  the  end  of  the  lease  term  and  disregarding  any  charges  payable  by  lessee  other 
than  rent  payments  (such  as  taxes,  fees  and  shipping  charges).  Under  this  program,  an  FMV  lease  term  of  24  months  is  available  for  qualifying  lease  transactions  above  $499.  $0  down  excludes  a  first  rent 
payment  due  in  advance.  Costs  of  software  and  services  qualify  for  the  0%  implicit  lease  rate  provided  they  do  not  exceed  25%  of  the  total  cost  of  all  hardware,  software  and  services.This  offer  is  valid  through 
March  31,  2002  to  qualified  commercial  customers  in  the  U.S.,  subject  to  credit  approval  and  execution  of  CFSC  lease  documentation.  Other  restrictions  may  apply  and  CFSC  reserves  the  right  to  change  or 
cancel  this  program  at  anytime  without  notice. ’"Certain  restrictions  and  exclusions  may  apply.  For  complete  warranty  details,  consult  the  Compaq  Product  Information  Center,  1-800-345-1518  (U.S.).  Compaq, 
the  Compaq  logo,  Evo  and  iPAQ  are  trademarks  of  Compaq  Information  Technologies,  L.P.  in  the  U.S.  and  other  countries.  Intel,  the  Intel  Inside  logo,  Pentium  and  Celeron  are  trademarks  or  registered  trademarks 
of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  in  other  countries.  Microsoft  and  Windows  are  trademarks  or  registered  trademarks  of  Microsoft  Corporation  or  its  subsidiaries  in  the  United 
States  and  in  other  countries.  Products  and  company  names  mentioned  herein  may  be  trademarks  or  registered  trademarks  of  other  companies.  ©2002  Compaq  Computer  Corporation. 


COMPAQ 

Inspiration  Technology 


InBox 

Reader  Feedback 


SEIZE  THE  NET 

A  friend  pointed  me  to  Anthony  Townsend's  “Take  Back  the  Net”  article  in  the  Dec.  1, 
2001,  issue.  I  would  add  that  the  Net  wasn’t  “taken”  from  us,  we  gave  it  away.  It’s  the 
lack  of  innovation  and  entrepreneurial  activity  on  the  part  of  the  people  with  money  that 
has  really  hurt.  By  “entrepreneurial,"  I  don’t  mean  pouring  investment  dollars  into  the 
latest  hot  trend,  although  that’s  what  some  people  appear  to  think  it  means.  I  mean 
taking  a  solid  concept  that's  new  and  different  and  making  it  work.  My  friends,  if  you 
want  to  “take  back  the  Net,”  and  I  truly  hope  you  do,  then  get  off  your  butts  and  do  it. 
Bob  Adams  •  Exec.  Dir.,  Global  Community  Ctr.  •  Washington,  D.C.  •  bob@globaldevelopment.org 


Opinion 


FREE  AT  LAST 

I  want  to  share  my  experience  with 
Linux  [“How  to  Run  a  Microsoft-Free 
Shop,”  Jan.  1,  2002].  We  are  a  consult¬ 
ing  company,  mainly  focused  in  IT  ser¬ 
vices  around  Lotus  Notes  and  Domino. 
Our  employees  all  have  an  IBM  ThinkPad 
laptop,  and  some  of  them  have  a  PC 
workstation  in  the  office.  We  success¬ 
fully  switched  all  our  servers  to  Red 
Hat  Linux  and  are  currently  switching 
our  clients  to  Linux  as  well.  Most  of  the 
software  or  tasks  we  do  on  a  daily  basis 
are  available  on  Linux,  but  there  are 
still  some  applications  that  we  can’t 
find  an  adequate  replacement  for. 

We  started  to  use  OpenOffice  as  a 
Microsoft  Office  replacement.  We  are 
very  happy  to  see  that  we  can  read  and 


modify  all  of  our  WinWord  documents 
without  any  problem.  Some  of  them 
need  small  changes  after  opening  them 
in  OpenOffice,  but  this  is  not  a  big  deal. 
We  find  Linux  in  a  very  mature  state. 
Even  IBM  internally  is  looking  at  Linux. 
None  of  us  have  completely  switched 
to  Linux  on  the  desktop.  We  just  started 
to  look  at  it,  but  we  are  still  not  where 
we  want  to  be.  The  main  reason  that  we 
are  not  100  percent  converted  to  Linux 
is  the  lack  of  know-how  and  the  missing 
applications  that  we  need. 

Stevan  Bajic 

CEO 

Vision  Unit  GmbH 
Zug,  Switzerland 
stevan.bajic@visionunit.cb 

I  would  love  to  be  Microsoft  free  but  I 
cannot  see  other  servers  or  printers.  The 
bottom  line  is  that  Red  Hat  has  to 
make  a  better  effort  to  get  the  worksta¬ 
tion  installation  to  work  right  without 
becoming  a  full-time  hacker. 

Documentation  is  almost  nonexis¬ 
tent  on  how  to  set  up  a  workstation 
that  really  works  and  is  actually  part 
of  a  network.  What  Red  Hat  and 
Mandrake  seem  to  forget  is  that  even 
though  Linux  is  not  Windows,  one  rea¬ 
son  why  Windows  dominates  the  mar¬ 
ket  is  that  installation  of  a  Windows 


95,  98  or  NT  workstation  is  a  quick 
and  simple  process.  A  half  hour’s  work 
and  the  thing  comes  up,  opens  its  eyes, 
sees  the  network,  logs  on  to  the  net¬ 
work,  makes  it  easy  to  install  printers, 
maps  drives  (create  mountpoints)  to 
network  resources,  and  is  ready  to  go. 
My  two  experiences  so  far  have  been 
akin  to  delivering  a  nice  looking  baby 
that  can’t  see  or  hear. 

Dave  Harman 

Systems  Administrator  and  IS  Mattager 
Kenwood  Americas  Manufacturing 
El  Paso,  Texas 
dbarman@kenwoodmexico.com 

CLARIFICATION  A  story  describing 
CIOs’  reactions  to  Microsoft’s  new 
licensing  practices  (“The  Meter  Is  Run¬ 
ning,”  CIO,  Jan.  15,  2002)  spelled  out 
a  number  of  licensing  options  available 
to  CIOs  including  one  option  known 
as  the  Enterprise  Agreement.  Our  story 
explains  that  customers  who  opt  for  an 
Enterprise  Agreement  enjoy  software 
discounts  while  agreeing  to  use  only 
Microsoft  products  and  not  install  com¬ 
petitive  products.  In  fact,  Microsoft 
officials  say,  the  language  of  an  Enter¬ 
prise  Agreement  does  not  preclude 
customers  from  buying  and  using  com¬ 
peting  products.  The  agreement  does, 
however,  require  customers  to  pay  a 
license  fee  for  every  desktop  in  the 
enterprise,  even  if  customers  decide  to 
use  an  alternative  product. 

WHAT  DO  YOU  THINK? 

Send  your  thoughts  and  feedback 
to  letters@cio.com.  Letters  may  be 
edited  for  length  or  clarity. 


20  CIO  MARCH  15,  2002  •  www.cio.com 


energy  &  power  •  industry  &  automation  •  information  &  communication  •  medical  systems  &  healthcare  •  financing  •  lighting  •  transportation 


SIEMENS 


network  of  innovation 


Global 


Siemens  Corpora 


4j 

vs 

Jk  is 

.Jg  flft 

1  I 

'•  i 

[  1 

f. 

. 

f 

•  J  - 

[ 

*  1 

| 

! 

1 

£  j 

[ 

{  %  r.  j 

I  f-'  1 

t 

r 

m 

; 

Mr 

j 

f  ^ 

£  si 

|  J 

R  k  1 

1  I 

E  £  f 

f  * 

m 

,,  “ 

4 1 

s 

,  * 

; 

'"V 

1 

I 

The  Magazine  for  Information  Executives 


President  &  CEO  Joseph  L.  Levy 
Publisher  Gary  J.  Beach 

Editorial  Director  Lew  McCreary 

EDITORIAL 

Editor  in  Chief  Abbie  Lundberg 
Deputy  Editor  Richard  Pastore 

Managing  Editor  David  Rosenbaum 
Managing  Editor,  Production  Cheryl  R.  Asselin 

Executive  Editors  Tom  Field  (Editorial  and  Community 
Development),  Michael  Goldberg,  Christopher  Koch 
(Investigations),  Derek  Slater 

Columns  Editor  Katherine  Noyes,  Departments  Editor 
Sandy  Kendall,  Leadership  and  Management  Editor 
Edward  Prewitt,  Opinion  and  Knowledge  Management 
Editor  Megan  Santosus,  Research  Editor  Lorraine 
Cosgrove  Ware,  Special  Projects  Editor  Mindy 
Blodgett,  Technology  Editor  Christopher  Lindquist 

Senior  Editors  Alison  Bass  (CRM),  Elana  Varon  (B2B 
E-Commerce) 

Features  Editors  Lafe  Low,  Sara  Shay 

Senior  Writers  Scott  Berinato  (Security  and  Vendor 
Management),  Eric  Berkman,  Meridith  Levinson 
(B2C  E-Commerce),  Stephanie  Overby,  Susannah 
Patton  (B2C  E-Commerce),  Sarah  D.  Scalet  (Security 
and  Privacy) 

Staff  Writers  Simone  Kaplan,  Ben  Worthen 

Copy  Chief  Tom  Wailgum 

Asst.  Managing  Editor,  Production  Kathleen  S.  Carr 

Copy  Editors  Kelli  A.  Gauthier  (Assoc.),  Emily  S, 
Henderson,  Sarah  Johnson  (Assoc.),  Penny  Sloane  (Sr.) 

Research  Manager  Lynne  Z.  Rigolini 
Editorial  Resource  Manager  Carol  Zarrow 

Editorial  Assistants  Amanda  Fox,  Daniel  J.  Horgan, 

Joe  Sullivan,  Stephanie  Viscasillas 

Special  Projects  Assistant  Cristina  Sousa 
Contributing  Editor  Janice  Brand 
Editor  at  Large  Jerry  Gregoire 

Contributors  Susan  Cramm,  Tom  Davenport, 

David  Dobrin,  John  Edwards,  Mark  Gordon, 

Preston  Gralla,  Fred  Hapgood,  Carol  Hildebrand 


How  to  Reach  Us 

E-mail  letiers@cio.com 
Phone  508  872-0080 
Fax  508  879-7784 

Address  CIO  Magazine,  CXO  Media  Inc., 

492  Old  Connecticut  Path,  P.O.  Box  9208, 

Framingham,  MA  01701-9208 

Website  www.cio.com 

Topic  Experts  www.cio.com/online_beats2.html 

Subscriber  Services  800  788-4605,  Fax  508  879-7899, 
E-mail  denisep@cio.com 

Rights  and  Permission  Karen  J.  Zirpola  •  508  935-4366, 
E-mail  kzirpola@cio.com 


Editorial  Operations  Coordinator  Karen  J.  Zirpola 
Editorial  Administrative  Assistant  Joyce  Paquette 

DESIGN 

Executive  Director,  Art  and  Design  Mary  Lester 
Art  Directors  Hana  Barker,  Lisa  Munroe 
Associate  Art  Directors  Owen  Edwards,  Andrea  Healy 

Senior  Designers  Susan  W.  Gilday,  George  Lee, 

Terri  Mitchell,  Chandra  Tallman 

Associate  Designers  Alberto  Capolino,  Jennifer  Landry 

Design  Group  Assistant  Rachel  Barnett 

WEBSITE 

Senior  VP/General  Manager,  Online  Tim  Horgan 

Web  Editorial  Director  Art  Jahnke 

Executive  Web  Editor  Martha  Heller 

Web  Editor  Ryan  Mulcahy 

Web  Writers  Danielle  Dunne,  Jon  Surmacz 

Online  Technology  Director  Dagmar  Eiben 

Senior  Web  Developer  Ellen  Morey 

Online  Research  Manager  Kathleen  Kotwica 

Audience  Development  Manager  Andy  Burrell 

Web  Developers  Diane  Chen,  Shannon  Macdonald 

Web  Engineer  Kelly  Kimball 

Online  Content  Researchers  Tara  Gillet-Liloia, 

Lisa  Sydney 

Web  Intern  Graham  White 

CIRCULATION 

Senior  VP/Circulation  Carol  A.  Spach 
Subscription  Svcs.  Manager  Denise  Perreault 
Subscription  Svcs.  Supervisor  Tina  Pescaro 
Circulation  Assistant  Lisa  Byron 
Circulation  Assistant/Researcher  Matthew  Millette 

PRODUCTION 

VP/Manufacturing  Chris  Cuoco 
Production  Manager  Lee  Tuttle 
Ad  Production  Coordinator  Lisa  Stevenson 

EXECUTIVE  PROGRAMS 

VP  and  General  Manager  Ronald  L.  Milton 
Executive  Assistant  Susan  Weidman 
VP,  Event  Marketing  Cynthia  Mollus 
Director,  Marketing  Services  Shellie  Rapson  James 
Manager,  Program  Operations  Brian  Fuce 
Manager,  Procurement/Tech.  Planning  Cynthia  Laird 

Managers,  Program  Development  Sherry  Keyles, 

Maria  Power 

Event  Development  Specialist  Sandra  J.  Hughey 

Program  Applications  Specialists  Heather  Beauton 
(Senior),  Leah  Graves  (Assoc.) 

Senior  Program  Marketing  Specialist  Karen  Peabody 
Operations  Coordinator  Michael  Barbato 
Fulfillment  Services  Coordinators  Andrea  Harney, 


Kristine  Vibert 

Manager,  Event  Planning  Amy  Sanderson 

MARKETING 

Executive  VP/Marketing  Cathy  O'Leary  Hayes 
VP/News  and  Information  Susan  Watson 
Media  Relations  Manager  Karen  Fogerty 
News  and  Information  Specialist  Julie  Hanson 
News  and  Information  Assistant  Lori  Piscatelli 
Marketing  Research  Director  Bridget  Cammarata 
Marketing  Research  Manager  Carolyn  Johnson 
Sr.  Marketing  Research  Analyst  Dylan  DiGregorio 
Marketing  Comm.  Director  Sue  Yanovitch 
Marketing  Comm.  Manager  Nicole  Glinski  Curtin 
Sr.  MarCom  Development  Specialist  Kari  Curto 
Marketing  Comm.  Coordinator  Sarah  Crowley 

ADMINISTRATION 

Executive  VP/Operations  Walter  Manninen 

Executive  Assistant  to  the  President/CEO 

Diane  Martin 

Financial  Manager  Cynthia  Petrillo 

Jr.  Financial  Analyst  Hilary  Smith 

Billing  Administrator  Joyce  Gillis 

Facilities  Specialist  John  Kelley 

Office  Services  Coordinator  Mary  E.  Wooldridge 

INFORMATION  SYSTEMS 

VP/CIO  David  Woodall 

Infrastructure  Manager  James  C.  Burgoyne 
User  Services  Manager  Ron  Bettencourt 
Senior  User  Services  Specialist  Michael  Fahlsing 
System  Administrator  Robert  Reagan 

User  Support  Specialists  Jonathan  Frappier, 

Paul  Goddard 

NEW  BUSINESS  DEVELOPMENT 

VP,  Business  Development  &  Strategic  Alliances 

Cheryl  M.  Hardy 

Coordinator,  Business  Development  Kelly  Gabe 

HUMAN  RESOURCES 

VP,  Human  Resources  Patricia  Reilly 
Human  Resources  Manager  Tanya  Bureau 
Human  Resources  Representative  Beth  Senges 


MEDIA  INC. 

INTERNATIONAL  DATA  GROUP 
President  &  CEO  Kelly  Conlin 
Board  Chairman  Patrick  J.  McGovern 

Vbpa 

▼  INTERNATIONALS 

©  CXO  Media  Inc. 


2  2  CIO  MARCH  15,  2002 


www.cio.com 


Supplier  Intelligence  |  Customer  Intelligence  |  Organizational  Intelligence  |  Enterprise  Intelligence  |  Intelligence  Architecture 


How  can  you  increase 
customer  profitability? 


Identify  (and  keep)  your 
most  valuable  customers? 


And  get  greater  ROI  from 
your  marketing  campaigns? 


->V.  '  ’* ' 

'*  /.  :\y, 


-  . 


SJfZ' 


ou  with  a  complete  view  of 
mers.  So  you’ll  understand  their  needs, 
enhance  their  lifetime  value  and  achieve  greater 
competitive  advantage.  To  find  out  how  leading 
companies  are  reaping  the  rewards  of  SAS 
customer  intelligence,  call  toll  free  1  866  270  5723 
or  visit  us  at  www.sas.com/customer 


The  Power  to  Know,, 


\ 

\ 

| 

^  ..  TH 


SAS  and  all  other  SAS  Institute  Inc.  product  or  service  names  are  registered  trademarks  or  trademarks  of  SAS  Institute  Inc.  in  the  USA  and  other  countries.  ®  indicates  USA  registration. 
©  2002  SAS  Institute  Inc.  All  rights  reserved  48417US.0202 


t  li  e  N  E  W  i  li  e  H  O  T  ilieUNEXPECT  E  D 


is  trying  to  bring  some  method 
to  the  March  Madness. 

Coleman  and  Allen  Lynch,  an 
economics  professor  at  Mercer 
University  in  Macon,  Ga.,  have 
derived  a  statistical  modeling  procedure 
called  the  Dance  Card.  Using  statistical 
software  called  SAS,  Coleman  crunches  all 
the  factors  the  selection  committee  consid¬ 
ers  when  it  decides  who  to  take  as  “at 
large”  teams  (teams  that  didn’t  get  an  auto¬ 
matic  bid  by  winning  their  conference).  All 
this  data  is  plugged  into  the  dance-card 
equation,  which  produces  a  “power  index” 
figure.  Coleman  then  ranks  the  teams  by 
power  index  and  determines  which  should 
make  the  cut. 


DIE-HARD  COLLEGE  HOOP  FANS 

always  mark  their  calendar  with  a  fateful 
day  in  March  known  as  Selection  Sunday. 
That’s  the  day  the  NCAA  Basketball 
Tournament  Selection  Committee  unveils 
the  65  teams  fortunate  enough  to  be  invited 
to  the  big  dance — the  NCAA  playoffs. 

Every  year  it’s  full  of  controversy.  There’s 
always  a  team  or  two  that  thinks  it  got 
cheated,  and  the  committee’s  deliberations 
are  shrouded  in  secrecy.  While  the  factors 
the  committee  is  supposed  to  consider  are 
public  knowledge,  no  one  knows  exactly 
how  it  arrives  at  its  final  decisions.  Jay 
Coleman,  an  operations  management  and 
quantitative  methods  professor  at  the 
University  of  North  Florida  in  Jacksonville, 


DATA  MODELING 

Method  to  the 
March  Madness 


Department 

cofBIG, 

ocary 

Numbers 


5,915:  Total  number  of  seats  on  the  boards  of  directors  of  Fortune 
500  companies  735:  Number  of  seats  held  by  women  serving  on 

434:  Number  of  Fortune  500  companies  with  at  least  one 
woman  serving  on  the  board  (up  from  419  in  1999)  10,656:  Total 
number  of  seats  on  the  boards  of  directors  of  Fortune  1000  com¬ 
panies  1,158:  Number  of  seats  held  by  women  serving  on  boards 


737:  Number  of  Fortune  1000  companies  with  at  least  one 
woman  serving  on  the  board  (up  from  729  in  1999) 

SOURCE:  CATALYST 


Coleman  used  this  model  to  predict  the 
past  two  tournaments.  In  2000,  it  correctly 
predicted  all  but  three  spots.  In  2001,  it 
missed  only  one.  “The  commit¬ 
tee  chose  Missouri,  and  we 
picked  Richmond,”  he  says, 
“but  after  the  selections  were 
made,  most  commentators  said 
Richmond  was  the  one  team 
that  got  the  shaft.”  He  also 
analyzed  all  the  selections  from 
1994  to  1999  and  found  his 
model  would  have  correctly 
predicted  94  percent  of  the 
available  at-large  bids  during 
that  time. 

Coleman  believes  this  type  of 
statistical  modeling  also  applies 
Continued  on  Page  26 


24  CIO  MARCH  15,  2002  •  www.cio.com 


ILLUSTRATION  BY  PATRICK  MEREWETHER 


WHAT  KIND  OF  DECISIONS  ARE  REQUIRED 
IN  TODAY'S  BUSINESS  CLIMATE? 

SMART  ONES. 


Arriving  at  a  smart  business  deci¬ 
sion  can  happen  anywhere.  But  the 
process  first  requires  information; 
information  that  needs  to  be  gathered 
from  multiple  sources,  then  analyzed 
and  shared  before  it  can  be  used  to 
your  advantage. 


I  Access.  Analyze.  Report.  Share/ 


The  challenge  today  is  twofold. 

One:  how  do  you  get  the  infrastruc¬ 
ture  in  place  to  access  disparate  data 
sources  and  create  and  distribute 
actionable  information?  And,  two: 
also  meet  the  demands  to  reduce 
costs  and  increase  productivity? 


You  turn  to  Crystal  Decisions™.  Our 
enterprise-wide  reporting,  analysis 
and  web-based  information  delivery 
solutions  have  a  proven  track  record 
of  helping  our  customers  better 
utilize  information  to  competitive 
advantage  and  profit. 


At  Crystal  Decisions,  the  makers  of 
Crystal  Reports®,  we've  met  the  standards 
of  our  key  partners  like  SAP,  IBM,  Microsoft 
and  Baan.  We're  confident  we  can  meet 
yours.  To  find  out  how,  visit  us  at: 
www.crystaldecisions.com/ent/006/ 
or  call  1-866-821-3525. 


crystal  decisions™ 

A  SEAGATE  COMPANY 


trendlines 


March 

Madness 

Continued  from  Page  24 

to  a  business  context.  “Any¬ 
time  you  have  a  binary  vari¬ 
able — either  you’re  in  or 
you’re  out,  or  in  a  business 
context,  you  decide  to  fund  a 
project  or  not — this  could  be 
applied,”  he  says.  “This  system 
can  take  major  criteria  in  a 
decision  and  at  least  estimate 
what  kind  of  weight  each  of 
these  criteria  received  in  the 
decision,  and  that’s  valuable 
information.”  Coleman’s  next 
project  might  be  to  tackle  col¬ 
lege  football — deriving  a  bet¬ 
ter  model  to  determine  who 
makes  the  Bowl  Champion¬ 
ship  Series. 


WEB  POLICY 

The  Dark  Side  of  the  Web 


SEX,  DRUGS,  GAMBLING-it’s  all  in  a 

day’s  work  for  Harold  Kester.  He  spends  his 
days  surfing  the  Internet  for  websites  dedi¬ 
cated  to  pornography,  racism  and  online 
gaming— sites  that  would  get  the  average 
employee  fired  in  a  second. 

As  the  CTO  of  Websense,  a  San  Diego- 
based  Web  filtering  software  developer, 
Kester’s  job  is  to  examine  suspicious  sites 
submitted  daily  by  its  clients.  He  and  his  staff 
classify  sites  according  to  28  different  lan¬ 
guages  (including  Urdu,  a  language  widely 
used  by  Muslims  in  Pakistan  and  India)  as 
well  as  78  content  categories  such  as  racism 
and  hate,  sex,  gambling,  violence,  drugs  and 
weapons.  The  newly  categorized  sites  are 
entered  into  a  master  database,  which  can 
then  block  certain  categories. 

Content  management  is  old  hat  for  Kester, 
the  former  CTO  of  Encyclopedia  Britannica. 
"I've  been  looking  at  text  classification  for  17 


years,  and  this  is  the  most  interesting  appli¬ 
cation  I’ve  had  for  that  background,"  he  says. 

That  doesn’t  make  it  easier  to  look  at 
some  of  the  things  he  sees.  Some  are  truly 
strange,  while  others  are  deeply  disturbing. 
“There  was  the  site  for  people  who  are 
addicted  to  Chapstick,”  he  recalls.  "Then 
there  were  the  sites  for  people  who  are  sexu¬ 
ally  interested  in  feet,  stuffed  animals,  really 
obese  women.  There  are  also  sites  that  advo¬ 
cate  rape  or  extreme  hate,  and  that’s  hard  to 
deal  with." 

Websense’s  clients  are  often  less  interested 
in  whether  their  employees  are  surfing  the 
Victoria’s  Secret  catalog  online  than  they  are 
in  maximizing  bandwidth  and  managing  pro¬ 
ductivity,  Kester  says.  They  just  want  to  be 
sure  people  aren’t  downloading  huge,  bulky 
sound  files  or  playing  Quake  for  hours  when 
they’re  supposed  to  be  working. 

-Simone  Kaplan 


ONLINE  LEARNING 

Sheep  Thrills 

By  Carol  Hildebrand 

SISTER  CITIES  AMAGASE,  Japan,  and  Westport,  New 
Zealand,  have  come  up  with  a  sheepish  way  to  foster  communica¬ 
tion  among  schoolchildren.  They’ve  set  up  websites  that  let  the 
Japanese  kids  adopt  and  name  lambs  from  the  Westport  area.  Each 
lamb  gets  its  own  website,  courtesy  of  personal  website  company 
Pdom.com  (www.lambsonline.co.nz). 

New  Zealand  schoolchildren  who  attend  St.  Canices  in  Westport 
update  the  sites  with  reports  about  the  lambs.  The  kids  from  both 
towns  regularly  exchange  e-mail  about  the  little  critters,  who  have 
been  dubbed  with  names  like  Luncheon,  Fluffy  and  Mavis.  Anyone 
can  send  an  e-mail  to  a  lamb  and  will  get  an  answer  courtesy  of 
the  New  Zealand  schoolkids,  says  Pdom.com  CEO  Robert  Wiles. 

Wiles  admits  the  project  may  sound  a  little  woolly,  but  it  gives 
the  kids  an  opportunity  to  learn  about  different  cultures,  as  well 
as  the  intricacies  of  the  Web.  “It  really  is  a  global  village  kind  of  a 
project,”  says  Wiles.  So  far,  about  10  lambs  have  been  adopted, 
he  says,  and  several  schools  in  Amagase  have  gotten  involved. 
The  St.  Canices  school  district  is  even  using  the  program  to  jump- 


start  a  Japanese  language  class  next  year,  he  adds. 

What’s  in  it  for  the  lambs?  Sadly,  only  a  little  special  treatment  in 
the  form  of  a  paddock  of  their  own  before  they  become  lamb  chops. 


26  CIO  MARCH  15,  2002  •  www.cio.com 


,  I  | 


Am 


YOUR 
I  E  NT  (El  M) 


ENTERPRISE  INCENTIVE 


PROVIDER 


Synygy  has  a  ten-year  history  of  successfully  implementing  Enterprise  Incentive  Management  (EIM) 
software  on  time,  within  budget,  and  with  consistently  high  client  satisfaction. 


Synygy  has  helped  Sun  Microsystems,  GE  Lighting,  DuPont,  Bausch  &  Lomb,  Fleet  Mortgage  Group,  Johnson  &  Johnson,  Coors  Brewing,  Siemens,  and  dozens  of 
other  Global  2000  companies  turn  their  variable  pay  plans  from  an  operational  hassle  into  a  strategic  advantage. 

Synygy  delivers  “software  as  a  service”  — providing  a  full  spectrum  of  EIM  solutions  from  enterprise  software  to  ASP  to  complete  plan  management 
outsourcing— all  with  no  up-front  cost  to  purchase  software. 


Visit  www.synygy.com  today  to  request  free  white  papers  and  case  studies.  Or  call  us  at  610-664-7433  x7970  to  learn  about  The  Synygy  Guarantee  and  why 
our  success  has  made  us  the  largest  provider  of  EIM  software  and  services.  We  guarantee  that  you  too  will  be  satisfied  with  your  Synygy  EIM  solution  — or 
we’ll  give  you  your  money  back! 


www.synygy.com 

Copyright  ©  2001  Synygy  Inc.  and  Masterfile.  All  Rights  Reserved. 


SYrYG  Y 


The  Incentive  Compensation  Company  ™ 


- trendlines - 

Washington  Watch 

_ _ X  Edited  by  Elana  Varon 


EPA  Targets  Computer  Recycling 


SURE,  YOU  WANT  to  be  environmen¬ 
tally  responsible  and  not  just  throw  those 
old  computers  into  the  local  landfill,  but 
you’re  hard-pressed  to  find  alternatives. 
The  U.S.  Environmental  Protection  Agency 
wants  to  help  by  setting  voluntary  standards 
for  disposing  of  or  recycling  old  CPUs  and  monitors. 

Mike  Shapiro,  principal  deputy  assistant  administrator  with  the 
EPA  Office  of  Solid  Waste  and  Emergency  Response,  says  more 
than  90  million  computers  will  become  obsolete  annually  by  2003. 
In  addition,  he  notes  that  as  of  1998,  only  13  percent  of  old  com¬ 
puters  were  recycled.  Many  computer  components,  such  as  cathode 
ray  tubes  in  monitors,  contain  lead  and  other  potentially  toxic  com¬ 
pounds  that  make  recycling  them  time-consuming  and  expensive. 

One  step  toward  solving  the  problem  is  an  EPA-run  program 
to  recycle  discarded  electronics  equipment  from  several  federal 
agencies,  including  the  EPA,  Department  of  Defense  and  the 


Department  of  Energy.  These  agencies  are  working  with  several 
electronics  manufacturers,  which  the  EPA  isn’t  naming  right  now, 
to  get  them  to  take  back  and  recycle  their  old  equipment. 

Clare  Lindsay,  a  project  director  in  the  Office  of  Solid  Waste  at 
the  EPA,  says  that  if  this  project  is  successful,  the  EPA  will  make 
public  its  list  of  manufacturers  who  agree  to  take  on  recycling  tasks. 
That  would  make  recycling  easier  for  CIOs,  who  could  return  old 
equipment  to  the  makers  rather  than  worry  about  following  dis¬ 
posal  standards  themselves.  Once  the  EPA  sets  disposal  and  recy¬ 
cling  rules,  expect  states  to  ban  the  dumping  of  old  computers  in 
landfills,  says  Lindsay. 

The  EPA  is  also  talking  with  electronics  vendors  about  design¬ 
ing  products  that  are  more  easily  recycled,  reused  or  upgraded  so 
that  they  don’t  have  to  be  thrown  away.  -Simone  Kaplan 

Would  you  send  old  computers  back  to  their  makers  for  recycling  if 
you  could?  E-mail  Staff  Writer  Simone  Kaplan  at  skaplan@cio.com. 


UCITA  Redux 


CIOS  HAVE  UNTIL  July  to  weigh  in 
on  the  latest  changes  to  the  Uniform 
Computer  Information  Transactions  Act 
(UCITA),  a  proposed  national  standard 
for  software  contracts.  That’s  when  the 
National  Conference  of  Commissioners 
on  Uniform  State  Laws  (NCCUSL)  will 
vote  on  16  amendments  designed  to 
give  corporate  and  individual  con¬ 
sumers  more  clout  with  vendors  when 
they  buy  software. 

If  the  amendments  don’t  pass 
muster  with  the  nonpartisan  NCCUSL, 
politics  will  determine  how  software 


licenses  are  written,  says  Carlyle  Ring, 
the  chairman  of  the  group’s  drafting 
committee.  "The  void  will  be  filled  by 
Congress,  and  [campaign  contributions] 
will  decide  the  debate.”  Ring  thinks 
there’s  enough  pressure  from  both  ven¬ 
dors  and  consumers  to  regulate  soft¬ 
ware  licenses  that  one  of  these  groups 
will  take  the  issue  to  lawmakers. 

Who  would  win  that  battle?  Barring 
a  consumer  uprising,  bet  on  the  ven¬ 
dors.  According  to  the  Center  for 
Responsive  Politics,  technology  compa¬ 
nies  donated  almost  $40  million  to 
political  parties  and  individual  cam¬ 
paigns  during  the  2000  election  cycle, 
making  them  the  seventh  largest  group 


of  contributors. 

So  far,  however,  UCITA  critics  aren't 
mollified  by  the  amendments  drafted 
by  NCCUSL’s  commercial  law  experts, 
which  include  language  to  protect  con¬ 
sumers  from  bugs  the  vendor  knows 
about  and  a  ban  against  vendors  dis¬ 
abling  software  remotely.  Attorneys 
General  from  32  states  think  UCITA 
can’t  be  fixed  and  should  be  aban¬ 
doned.  “The  proposed  amendments 
give  the  appearance  of  compromise 
without  the  substance  of  compromise,” 
says  David  McMahon,  a  board  member 
of  Americans  for  Fair  Electronic 
Commerce  and  Transactions,  an  anti- 
UCITA  lobbying  group.  -S.K. 


“Cybersecurity  is  simply  too  critical  and  too  endangered  to  be 
satisfied  with  the  solutions  that  are  currently  available  to  us. 


-Rep.  Sherwood  Boehlert  (R-N.  Y.) 


2  8  CIO  MARCH  15,  2002 


www.cio.com 


m&m 


Kou  //sfe/7  to  an  e-mail 


on  your  cellphone.  So  you  save  valuable  time 


when  on  the  road.  It's  possible  when  Avaya  transforms  your  company’s  voice  and  data  systems 
by  getting  them  working  together.  Reliably.  Securely.  With  our  innovations  in  voice  and  in-depth 


expertise  in  data,  efficiency  becomes  the  rule,  not  the  exception.  Find  out  why  more  than  90% 

.. 


of  the  FORTUNE  500 ®  use  Avaya  communications  to  power  their  business,  visit  avaya.com/nowone. 


AVAyA 


COMMUNICATION  WITHOUT  BOUNDARIES 


WIRELESS 


APPLICATIONS 


trendlines 


Palms  and 
Flippers  s„ 

WHEN  THREE  DOLPHINS  at  the 

National  Aquarium  in  Baltimore  became 
pregnant  last  year,  Hans  Keller,  director  of 
IS,  started  thinking  about  how  the  aquar¬ 
ium  would  keep  track  of  the  vulnerable 
infant  dolphins,  which  have  only  a  20  per¬ 
cent  survival  rate  when  born  in  captivity  to 
a  first-time  mother.  He  visited  another 
aquarium  that  had  just  finished  a  breeding 
observation  program  with  beluga  whales. 
“When  I  saw  they  had  15  binders  full  of 
paper  records,  I  thought  there  had  to  be  a 
better  way,”  says  Keller. 

Keller’s  IS  department  decided  to  use 
Pendragon  Forms  Software  applications 
tied  to  their  Microsoft  SQL  7  database  to 
capture  important  behavior  data  on  the 
mothers  right  away  in  order  to  pinpoint 


their  due  dates.  Once 
Spirit  was  born  in  April 
and  Raven  and  Maya 
followed  in  May,  staff 
members  and  volun¬ 
teers  observed  the  babies  around  the  clock. 
They  entered  data  on  nursing,  heart  and 
breathing  rates,  and  the  mothers’  responses 
to  their  young  into  Palm  Vx  devices.  During 
a  five-month  period,  staffers  and  volunteers 
logged  2,748  observation  hours  and  entered 
170,000  records,  all  on  six  Palm  devices. 

Keller  calls  the  wireless  program  a  suc¬ 
cess,  primarily  because  all  three  dolphin 
babies  survived  and  are  thriving,  aided  in 
part  by  the  extensive  data  the  aquarium 
collected.  If  any  small  problem  arose, 
marine  biologists  could  check  the  accumu¬ 


lated  data  and  respond  immediately.  Also, 
the  wireless  program  was  so  cost-effective 
(total  investment  for  equipment  and  soft¬ 
ware  came  to  roughly  $2,100),  the  IS 
department  is  looking  at  using  Palm  devices 
to  record  and  store  data  related  to  stranded 
or  stray  marine  mammals  brought  to  the 
aquarium  for  observation.  Keller  says  he’s 
willing  to  share  the  aquarium’s  modified 
applications  with  other  zoos  or  aquariums 
that  want  to  give  it  a  try.  “It  was  a  beauti¬ 
ful  experience,”  Keller  says.  “We’d  do  it 
again  in  a  heartbeat.” 


Secure  Your 

By  Danielle  Dunne 

WHAT’S  THE  EASIEST  way  to  hack 
into  a  company’s  unprotected  wireless 
network?  Pick  up  a  few  cheap  pieces  of 
equipment  and  sit  in  the  parking  lot. 
There  are  many  stories  of  people  lis¬ 
tening  in  on  corporate  networks,  but 
that  hasn’t  made  many  wireless  LAN 
users  take  notice.  By  the  end  of  last  year,  Gartner  predicted 
that  30  percent  of  companies  would  put  themselves  at  risk 
of  serious  security  exposures  by  using  wireless  networks. 

Here  are  a  few  ways  to  make  a  wireless  LAN  more  secure. 

•  Enable  the  security  features  that  come  with  the  wireless 
network.  Yes,  the  wired  equivalent  privacy  (WEP)  standard 
for  the  popular  802.11  LANs  has  been  broken  into,  but  a  little 
security  is  better  than  no  security  at  all. 

•  Don’t  use  default  or  obvious  passwords  or  keys. 


Wireless  Network 


•  Register  the  unique  media  access  control  (MAC)  addresses 
of  the  network  interface  cards  that  access  your  network.  It  is 
possible  to  fake  a  MAC  address,  but  again,  something  is 
better  than  nothing. 

•  Secure  the  access  points  by  putting  them  on  switched 
network  ports,  as  Gartner  suggests,  or  by  putting  them 
outside  a  firewall. 

•  Monitor  the  network. 

•  Monitor  physical  security.  Is  there  anyone  sitting  in  the 
parking  lot  trying  to  listen  in  on  the  network? 

•  If  your  applications  are  Web-based,  use  secure  socket  layer 
encryption.  This  adds  an  extra  layer  of  security. 

•  Use  a  wireless  virtual  private  network  (VPN)  or  other 
tunneling  protocol. 

It  may  be  impossible  to  eliminate  risk,  but  it  can  be 
mitigated,  especially  when  it  comes  to  wireless  LANs. 


3  0  CIO  MARCH  15.  2002 


www.cio.com 


op  pc  ATE 

M  W  W  tmtn  mm vrtty  i 


AppCate™  VPN  and  VPNPowerBox™  redefine  what  a  VPN  can  do  by  extending  e-security  all  the  way  from  the 
user  to  the  application.  You  thought  that  a  VPN  had  to  be  network  device  dependent?  Well,  the  AppGate  solution 
goes  further  by  offering  NAT  transparency,  network,  firewall  and  router  independency.  AppGate  offers  user 
interfaces  that  are  platform  independent  through  a  downloadable  Java™  client,  saving  your  enterprise 
distribution,  support,  and  deployment  costs.  AppGate  provides  the  scalability  to  an  unlimited  number  of  users 

and  flexibility  that  you  have  been  looking  for  in  a  VPN  solution. 


For  more  information,  visit  our  website  at  www.appgate.com  or  give  us  a  call  at  i-866-AppGate. 


appCATE 

We  take  e-security 


TM 


security  further 

tm  AppGate  and  VPNPowerBox  are  registered  trademarks  of  AppGate  AB;  java  is  a  registered  trademark  of  Sun  Microsystems,  Inc. 


©2001  AppGate 


trendlines 


Off  the  Shelf 


Edited  by  Carol  Zarrow 


Look  for  Trouble 

Managing  the  Unexpected:  Assuring  High 
Performance  in  an  Age  of  Complexity 
By  Karl  E.  Weick  and  Kathleen  M.  Sutcliffe 

Jossey-Bass,  2001,  $25 
Chances  are,  someone,  somewhere  in 
your  company  knows  something  right 
now  that,  if  kept  secret,  could  snowball 
into  one  really  big  problem.  How  effec¬ 
tive  your  company  is  at  getting  to — and 
acting  on — that  piece  of  information  is 
the  point  of  this  excellent 
book.  No  one  likes  change, 
but  none  of  us  has  a  choice. 
Taking  cues  from  high- 
reliability  organizations 
(HROs),  such  as  hostage 
negotiation  teams  and 
emergency  medical  units, 
the  authors  (both  profes¬ 
sors  of  organizational 
behavior)  have  garnered 
lessons  for  any  company 
that  wants  to  avoid  not  just  getting 
blindsided  by  the  unexpected  but  get¬ 
ting  derailed  by  it  because  of  top-down 
and  inflexible  management  systems. 

Five  hallmarks  define  the  HRO,  begin¬ 
ning  with  not  resting  on  success 
but  consistently  examining  fail¬ 
ures.  Included  in  Managing  the 
Unexpected  are  case  studies  of 
companies  that  faltered  badly  as 
well  as  assessment  guides  to 
help  you  change  your  own  com¬ 
pany.  You  may  not  deal  with 
life-and-death  decision  making 
(read  the  paragraph  on  working 
conditions  atop  an  oil-slicked 


and  seawater-washed  nuclear  aircraft 
carrier  flight  deck)  but  you’ll  learn 
valuable  procedures  to  help  get  you 
through  the  next  PR  disaster.  Or  terror¬ 
ist  attack.  -Janice  Brand 

Global  Thinking 

Developing  Global  Executives: 

The  Lessons  of  International  Experience 

By  Morgan  W.  McCall  Jr.  and  George  P. 
Hollenbeck 

Harvard  Business  School  Press,  2002,  $29.95 
Are  effective  global  leaders  born,  or  are 
they  made?  According  to  Developing 
Global  Executives ,  which  bases  its  find¬ 
ings  on  extensive  interviews  with  101 
executives  at  16  global  companies,  the 
answer  is — a  combination  of  both. 
Aimed  at  other  executives  charged  with 
developing  global  leaders,  this  book 
attempts  to  illustrate  how  companies 
can  best  select  and  then  prepare  those 
candidates  for  global  assignments. 

Most  insightful  are  the  sections  of  the 
book  where  the  global  executives  talk 
about  their  own  backgrounds,  exper¬ 
iences  and  lessons  learned  on  the  job. 
Unfortunately,  the  majority  of  the  book 
is  devoted  not  to  these  first- 
person  descriptions  but  to 
the  authors’  findings  and 
methodology.  And  what  they 
found  is  not  all  that  surpris¬ 
ing.  Of  the  27  lessons  they 
gleaned  from  their  inter¬ 
views,  only  three  are  unique 
to  global  executives.  And 
who  vividly  conveys  this  infor¬ 
mation?  The  interviewees 


C 


KalE.Vtetcfc 
KatWeen  M  SufefiHe 


Unexpected 


tearing 

PtftemaooMi. 


CIO  Best- 
Seller  List 

1.  Survival  Is  Not  Enough: 
Zooming,  Evolution,  and  the 
Future  of  Your  Company 

by  Seth  Godin 

The  Free  Press,  2002 

2.  Warrior  Politics:  Why  Leadership 
Demands  a  Pagan  Ethos 

by  Robert  D.  Kaplan 

Random  House,  2001 

3.  The  Art  of  Possibility 

by  Rosamund  Stone  Zander  and 
Benjamin  Zander 

Harvard  Business  School  Press,  2000 

4b  Raving  Fans:  A  Revolutionary 
Approach  to  Customer  Service 

by  Kenneth  H.  Blanchard 

William  Morrow,  1993 

5.  Jack:  Straight  from  the  Gut 

by  Jack  Welch 

Warner  Books,  2001 

SOURCE:  JANUARY  2002  DATA  COMPILED  BY 
WORDSWORTH  BOOKS.  CAMBRIDGE,  MASS. 


in  their  all-too-brief  firsthand  accounts. 
McCall  and  Hollenbeck  should  have 
taken  a  lesson  from  Fiction  Writing 
101:  Show,  don’t  tell.  -Megan  Santosus 


BOOK  TALK 

What  leaders  have  to  do  is  to  get  back,  get  beyond  the  emotion  around  [the  post-Sept.  11] 
situation  and  to  look  underneath  and  to  see  what  the  business  problem  is.  And  the  funda¬ 
mental  business  problem  that  we  have  right  now  is  one  that  we  ail  know  how  to  deal  with. 

It’s  a  market  upset.  -From  a  CIO  Radio  ( www.cio.com/radio )  interview  with  Winford  E.  “Dutch”  Holland, 

author  of  Red  Zone  Management:  Changing  the  Rules  for  Pivotal  Times  (Dearborn  Trade  Publishing,  2001) 


3  2  CIO  MARCH  15,  2002 


www.cio.com 


M  * 

f 

Stephen  Campbell 
CIO 

LendingTree 

\  v  , 

LendingTree 


LendingTree  -  www.lendingtree.com  -  “When  Banks  Compete,  You  Win® 
best  known  for  \ —  The  Leading  Online  Lending  Exchange 


It’s  not  just  e-Business. 
It’s  Real  Business. 


business  philosophy  \ —  Empower  consumers  and  lenders  by  “changing 

the  consumer  lending  game” 

When  we  surpassed  $15  billion  in  closed  loans 


Since  1996,  LendingTree  has  been  the  leader  in  connecting  lenders 
and  borrowers  on  the  Internet,  and  Digex  has  been  managing  the 
LendingTree.com  online  exchange  since  the  company  expanded 
to  offer  its  unique  service  nationwide  in  1998.  By  leveraging  its 
proprietary  Lend-XSM  technology  to  facilitate  its  online  exchange, 
LendingTree  streamlines  the  cumbersome  loan  process  and 
puts  consumers  in  a  position  of  control  as  lenders  compete  for 
their  business. 

Digex  provides  full  management  of  the  LendingTree.com 
lending  exchange  so  they  can  focus  on  their  mission: 
Leveraging  technology  to  empower  borrowers  and  lenders. 

To  learn  how  Digex  can  empower  your  Internet  business, 
call  1-866-344-3997  or  visitwww.digex.com/hosting. 


Managing  Business  on  the  Internet M 


trendlines 


INTERVIEW 

The  Commando  CEO 


DOES  THE  “C”  in  CEO  stand  for  com¬ 
mando?  It  might  in  this  case.  Guy 
Haddleton,  CEO  of  Adaytum,  a  Minnea¬ 
polis-based  software  company  he  founded 
1 1  years  ago,  served  in  the  New  Zealand 
Army  for  eight  years  in  the  1970s  and  early 
1980s — the  last  four  years  heading  up  coun¬ 
terterrorism  efforts  for  the  Special  Air 
Service.  Although  he’s  always  felt  like  a 
“born  entrepreneur”  (he  left  the  military 
to  pursue  an  MBA),  he  says  his  years  in  the 
special  forces  provided  valuable  lessons  for 
business — and  for  life. 

What  lessons  from  your  special  forces  days 
have  you  brought  to  bear  as  a  software 
company  CEO? 

I’m  a  great  believer  in  the  power  of  small 
teams  and  the  flexibility  they  provide.  My 
special  forces  days  taught  me  about  work¬ 
ing  in  small  teams,  understanding  and 
working  through  your  plan.  Another  thing 
about  special  forces  is  that  they  have  spe¬ 
cial  people.  The  same  is  true  in  business. 
You  have  to  recruit  outstanding  people. 
They’ve  got  to  be  talented,  well  trained, 
committed  and  self-disciplined.  When  we’re 
hiring,  we  look  at  the  strength  of  character 
and  the  talent  they  have.  The  power  of  a 
team  is  in  the  strength  of  the  people. 

I  also  learned  to  focus  on  intelligence. 
You  have  to  understand  what  your  ene¬ 
mies  would  do  so  you  can  walk  around 
them.  If  you  do  have  to  engage,  there  are 
three  tenets  in  the  special  forces:  speed,  sur¬ 
prise  and  shock.  Say  you’re  taking  out  a  ter¬ 
rorist  in  a  747.  First,  you  have  to  move  fast. 
Second,  you  need  to  surprise  him.  If  you’ve 
caught  him  unaware,  that  gives  you  three 
or  four  seconds  grace.  Then  you  stun  him. 
When  we  were  preparing  to  launch  our 
product,  our  corporate  intelligence  told  us 
the  competition  was  thinking  about  launch¬ 
ing  a  similar  product.  We  decided  we 
needed  to  move  our  launch  date  up  three 
months.  Some  of  the  employees  still 
have  scars  from  those  four  weeks  of 


18-hour  days,  but  we  achieved  that  surprise 
and  stunned  everyone. 

How  do  you  think  the  current  state  of  ter¬ 
rorism  anxiety  has  affected  the  corporate 
landscape? 

It’s  more  important  than  ever  that  you  have 
your  backup  plan  sorted  out  so  that  in  the 
event  you’re  struck  by  something,  you  go 
straight  into  recovery  mode.  You  must  be 
prepared  for  the  unexpected. 

Also,  visible  leadership  is  critical.  In  uncer¬ 
tain  times,  a  leader  has  to  be  in  front  and  talk 
about  what  the  company  is  doing.  That 


leader  has  to  have  the  trust  of  the  employ¬ 
ees.  They  need  to  know  there  is  a  plan  in 
progress,  and  although  this  ghastly  thing 
may  be  happening,  you’re  going  to  get 
through  it  together.  -Stephanie  Overby 


DIGI  TAL  ASSET  MANAGEMENT 

Movie  Re-Views 

DEEP  INSIDE  A  MOUNTAIN  outside  Pittsburgh,  there's  a  climate- 
controlled  vault  that  could  be  some  superhero’s  secret  fortress.  It’s  actually 
the  storage  facility  for  the  National  Geographic  film  library,  which  includes 
more  than  25,000  hours  of  footage  such  as  Jacques  Cousteau’s  first  television 
show  in  1965  and  the  output  of  critter-cams,  which  are  cameras  mounted  on 
the  backs  of  whales  and  other  creatures.  Formats  include  16-  and  75-millimeter 
film,  Betamax  and  digital  video.  Soon,  however,  everything  will  be  available  to 
download  at  the  click  of  a  mouse. 

More  than  2,000  hours  of  footage  have  already  been  digitized  and  loaded 
into  a  5-terabyte  database,  says  Matt  White,  National  Geographic  Television  & 
Film’s  vice  president.  National  Geographic  researchers  give  each  shot  meta¬ 
data  tags  that  catalog  the  actual  content,  as  well  as  other  attributes.  For  exam¬ 
ple,  a  shot  of  a  tree  in  the  middle  of  the  desert  would  come  up  under  a  search 
for  the  tree’s  species,  and  under  a  subjective  category  like  “lonely.”  The  2,000 
hours  of  video,  which  contain  more  than  300,000  individual  clips,  are  available 
in  Real  Player  and  ASF  formats  so  researchers  don’t  have  to  run  to  the  vaults  to 
physically  check  film  clips  to  ensure  the  footage  fits  their  needs.  White  says 
local  television  stations  looking  for  clips  of  exotic  animals,  such  as  the  recently 
discovered  giant  African  crocodile,  and  researchers  who  want  to  count  the  num¬ 
ber  of  times  a  critter-cam  captured  a  whale’s  fin  flipping  have  already  down¬ 
loaded  footage.  White  plans  to  work  his  way  through  the  archive,  converting 
2,000  hours  of  footage  a  year  for  the  foreseeable  future.  The  archive,  however, 
recently  acquired  thousands  of  hours  of  footage  from  the  World  Bank  and 
intends  to  acquire  more.  "It’s  a  never-ending  process,”  he  says.  -Ben  Worthen 


Yes.  It’s  a  gold  mine! 


-The  response  of  Scott  Stevens,  business  development  director  at  computer  forensics  software  maker  New 
Technologies,  when  asked  if  an  investigation  of  the  computer  systems  at  the  bankrupt  Enron  would  turn  up  the  contents  of  shredded  documents. 


3  4  CIO  MARCH  15,  2002 


www.cio.com 


red  trademarks  of  Acxiom  RTC.  Inc  AbrliTec'  is  a  trademark  of  Acxiom  Corporation.  Opticx  ’  is  a  servicemark  of  Acxiom  Corporation. 


Acxiom®  can  show  you  how  to  go 
further  than  ever  with  your  data. 

So  how  do  you  get  started?  With 
a  simple  report  called  OpticxT 
In  a  matter  of  days,  you’ll  receive 
a  data  analysis  that  could  reveal 
millions  of  dollars  in  opportunities. 
Then  we’ll  show  you  how  to  take 
advantage  of  those  opportunities 
by  integrating  InfoBase®  data 
products  into  your  customer 
data-driven  initiatives.  We  can 
also  introduce  you  to  relationship¬ 
building  tools  like  AbiliTec™  our 
market-leading  Customer  Data 
Integration  software  that  enables 
a  single  view  of  your  customer. 

If  your  marketing  and  customer 
relationship  programs  rely  on 
accurate  data  to  succeed,  you 
should  rely  on  Acxiom. 


ACXIOM 


www.acxiom.com 
PRIVACY  ASSURED 


Davenport  on 


Enterprise  IT  at 
the  Crossroads 

Companies  need  to  use  technology  for  long-term 
business  advantage  while  making  short-term  cost  cuts 

BY  TOM  DAVENPORT 

IT’S  A  DIFFICULT  TIME  for  enterprise  IT.  Many  companies  are  feeling 
the  weight  of  cost  reduction  pressures.  No  one  knows  exactly 
how  much  chopping  and  hacking  will  ultimately  be  required,  so 
companies  go  through  round  after  round  of  relatively  small 
cuts.  It’s  difficult  to  think  about  deriving  long-term  business 
advantage  from  technology  with  these  frequent  budgetary  bee 
stings.  Yet  we  know  that  things  will  eventually  turn  around,  and 
the  steps  taken  during  difficult  times  to  position  the  organiza¬ 
tion  could  really  pay  off  when  economic  life  gets  better. 

Most  organizations  need  a  bifocal  strategy  with  respect  to 
enterprise  IT:  short-term  cost  reduction  and  long-term  com¬ 
petitive  positioning.  Of  course,  bifocals  can  initially  be  disori¬ 
enting.  What  makes  for  cost  reduction  is  minimal  functionality, 
standards,  commonality  and  low  expenditure  of  labor.  What 
makes  for  competitive  advantage  is  differentiation,  a  close  fit 
with  the  business  model  and  human  effort  to  match  strategies 
to  systems.  However,  I  see  some  near-term  approaches  that 
aren’t  compromising  long-term  goals.  I’ll  also  describe  some 
further-out  actions  that  don’t  require  a  lot  of  spending — at  least 
not  today. 


The  Closer  View 

Cutting  short-term  costs  with  enterprise  IT  is  not  a  new  idea, 
and  we  can  rely  on  some  time-honored  techniques:  consolida¬ 
tion,  outsourcing,  process  improvement  and  so  on.  Consoli¬ 
dation  is  perhaps  the  most  promising  candidate.  Most  large 
companies  have  implemented  major  enterprise  systems  with 
multiple  instances  or  implementations.  It’s  likely  that  no  great 
competitive  damage  will  be  done  by  consolidating  instances 
across  the  organization,  and  consolidating  will  save  on  modifi¬ 
cation,  maintenance,  support  and  software  licensing  costs. 

The  cry  will  go  up  that  “our  business  is  different,”  but  the 
same  cries  went  up  in  many  companies  that  put  in  only  one  or 
two  instances  from  the  beginning,  and  everything  worked  out. 
Some  companies  didn’t  even  consider  the  possibility  early  on 
that  instances  could  be  shared,  so  consolidation  should  be  easy 
for  them.  One  European  company,  for  example,  put  in  400 


3  6 


CIO  MARCH  15,  2002 


www.cio.com 


ILLUSTRATION  BY  RICCARDO  STAMPATORI 


THE  BOOK  OF  (©BUSINESS 


WHAT’S  THE  LATEST  SCOOP  ON 

INTEGRATION? 


Free  Webcast  reveals  what 
the  infrastructure  experts  are  saying. 


Pssst.  Do  you  want  to  find  out  the  secrets  behind 
integrating  your  various  applications  and  your  multiple 
systems?  Pssst.  Want  to  unravel  the  mysteries  behind 
linking  your  internal  hardware  and  sof  tware  with  that 
vast  network  of  suppliers,  customers  and  business 
partners  out  there? 

Then  what  you  should  do  next  is  hardly  a 
puzzle.  Sign  up  for  a  series  of  Webcasts  on  e-business 
infrastructure.  The  Webcasts  are  absolutely  free  when 
you  register  by  phone  or  online.  Each  is  thirty  minutes 
long  and  sponsored  by  IBM  and  ITworld.com.  In  the 


first  one,  you'll  hear  expert  discussion  on  the  major 
integration  challenges  you  face,  including  perhaps 
the  biggest  of  all  challenges  —  maximizing  your  ROI. 
And  these  Webcasts  aren’t  just  theory,  either.  Because 
each  will  conclude  with  thorough  recommendations 
that  will  help  you  both  develop  a  successful  corporate 
strategy  and  point  you  to  a  full  range  of  resources  for 
additional  information. 

So  register  now  for  our  free  online  Integration 
Webcast.  And  get  yourself  the  latest  — absolutely  the 
very  latest  — on  integration. 


CLICK  OR  CALL  FOR  A  FREE  WEBCAST. 


(go  ibm.com/e-business/scoop  Q  1 800  IBM  7080,  ask  for  Scoop 


( e )  business  infrastructure 


*  LEGAL  NOTE ■  IBM,  the  e-business  logo  and  other  marks  designated  *  or™  are  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other 
countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  Respondents  will  be  required  to  complete  a  registration  form  in  order  to 
participate  in  this  offer.  ©  2002  IBM  Corporation.  All  rights  reserved. 


Davenport  on... 


different  instances  of  SAP  across  its  diverse  businesses.  I’m 
guessing  that  there  might  be  enough  meaningful  variation  in  the 
company’s  businesses  to  justify  10  or  20  different  instances. 

Even  consolidating  across  single  modules  can  save  some 
bucks.  A  big  U.S.  bank,  for  example,  let  every  major  business 
unit  decide  on  its  own  what  systems  it  needed  for  human 
resources.  Fortunately,  every  unit  chose  PeopleSoft  software, 
but  there  are  minor  variations  in  implementations.  Eliminating 
those  variations  and  operating  off  one  instance  for  the  entire 


What  makes  for  competitive  advantage  is 
differentiation,  a  close  fit  with  the  business 
model  and  human  effort  to  match  strategies 
to  systems. 


company  could  save  a  passel  of  money,  and  it’s  highly  unlikely 
that  the  company’s  competitive  advantage  derives  from  its 
unique  HR  system  implementations. 

Process  improvement  can  play  a  role  in  short-term  cost 
reduction,  but  you’ve  got  to  be  looking  at  it  through  the  right 
lens.  The  nearsighted  view  on  process  improvement  doesn’t 
mean  total  quality  management  or  Six  Sigma  or  radical  reengi¬ 
neering.  It  simply  means  reviewing  key  processes  and  chop¬ 
ping  out  non-value-adding  activities. 

Since  most  applications  don’t  provide  much  competitive 
advantage,  it  often  makes  sense  to  hand  them  over  to  people 
who  specialize  in  implementing  and  running  them.  The  trend 
seems  to  be  to  outsource  not  only  the  application  but  also  the 
performance  of  the  related  process.  If  you’re  having  someone 
else  run  the  general  ledger  system,  why  not  have  him  take  over 
your  basic  accounting  processes  as  well? 

The  only  glitch  here  is  integration.  If  you  ask  one  outsourcer 
to  take  over  HR  management,  another  to  take  over  account¬ 
ing  processes  and  another  to  take  over  manufacturing,  you 
might  wonder  how  information  and  processes  will  flow  in  an 
integrated  way  across  these  functions.  As  a  result  of  this  valid 
concern  I  expect  that  we’ll  begin  to  see  outsourcers  take  on  mul¬ 
tiple  functional  pieces  and  be  responsible  for  their  integration. 

The  Farsighted  Perspective 

Now  look  through  the  top  lens  of  the  bifocals,  and  think  of 
ways  to  improve  long-term  competitive  positioning  with  enter¬ 
prise  IT — without  spending  a  lot  of  dough  in  the  short  run.  I 
believe  the  keys  to  this  perspective  involve  using  company  and 
industry-specific  applications,  installing  new  package  modules, 


continuing  to  connect  the  ERP  dots,  reengineering  and  taking 
the  interorganizational  perspective. 

Enterprise  IT  has  become — and  perhaps  was  from  the  begin¬ 
ning — a  commodity.  Every  business  has  it,  it  works  roughly  the 
same  way,  and  the  only  way  to  extract  a  drop  of  competitive  advan¬ 
tage  from  it  is  to  install  it  for  less  or  tailor  it  on  the  margins  to  fit 
your  company.  The  only  real  way  to  get  advantage  is  to  develop 
your  own  stuff.  For  the  parts  of  your  business  that  are  truly  dis¬ 
tinctive  and  core  to  your  success,  it  makes  sense  to  build  your  own 
and  interface  it  with  the  rest  of  your  enterprise  sys¬ 
tems.  Intel  did  it  with  manufacturing  and  product 
design  systems;  Compaq  with  production  forecast¬ 
ing  and  product  configuration.  Every  business 
ought  to  be  thinking  about  some  killer  app  that  it 
doesn’t  want  to  share  with  the  rest  of  the  world. 

If  you  think  you  can’t  afford  your  own  stuff, 
you  can  at  least  partner  with  a  vendor  or  other 
companies  in  your  industry  to  customize  systems 
to  your  specific  processes.  That’s  what  Reebok 
International  did  with  SAP  to  make  the  system 
work  for  selling  apparel  at  retail.  A  group  of  oil  companies 
worked  together  to  create  IS-Oil,  a  tailored  version  of  SAP  that 
now  goes  by  the  name  MySAP  Oil  &  Gas.  There’s  a  version  of 
PeopleSoft  customized  to  work  for  state  governments.  And  so 
on.  The  upside  is  that  sharing  the  work  with  a  vendor  means  you 
don’t  have  to  pay  for  it  all.  The  downside,  of  course,  is  that 
others  get  to  use  the  system,  but  you  can  at  least  be  first. 

Contrary  to  how  it  was  viewed  in  the  early  1990s,  business 
process  reengineering  (at  least  when  done  correctly)  is  a  long¬ 
term  solution,  not  a  short-term  palliative.  But  it’s  still  a  good 
idea  when  radical  IT-enabled  change  is  necessary.  Look  beyond 
the  old  standby  processes  of  order  management  and  procure¬ 
ment,  and  focus  on  those  that  help  to  achieve  more  desirable 
products  and  services  in  the  marketplace,  such  as  marketing  and 
product  development. 

Finally,  there’s  a  lot  of  interest  in  transforming  interorganiza¬ 
tional  relationships  with  enterprise  IT.  In  case  you  were  waiting 
for  my  endorsement  of  this  activity,  you  have  it — but  with  a 
strong  caution.  It’s  a  truly  long-term  initiative  to  develop  seam¬ 
less  transactions  with  your  customers  and  suppliers — maybe  a 
decade  or  so  if  you  haven’t  started  already.  And  try  not  to  part¬ 
ner  with  the  rest  of  your  industry  as  you  do  this,  or  your  dis¬ 
tinctive  products  and  services  will  end  up  as  just  another  line 
on  a  crowded  computer  screen.  That’s  one  purpose  for  which  we 
don’t  want  bifocals  to  be  employed.  HID 


Tom  Davenport  is  the  director  of  the  Accenture  Institute 
for  Strategic  Change  and  a  distinguished  scholar  at 
Babson  College.  You  can  reach  him  at  davenport@ 
darwinmag.com. 


3  8  CIO  MARCH  15,  2002 


www.cio.com 


PHOTO  BY  FURNALD/GRAY 


Collaboration— it  all  begins  with  a  shared  vision 

In  times  like  these,  you  can’t  afford  to  partner  with  someone  who’s  single-minded.  There  must 
be  a  shared  vision  and  shared  ideas  right  from  the  start.  We’re  talking  about  collaboration. 
The  method  of  constant  dialogue  and  complementary  skills  interacting  to  create  better 
solutions.  Solutions  that  address  your  business  challenges,  make  the  most  of  your  existing 
infrastructure,  and  deliver  results  on  your  IT  investment.  At  Fujitsu,  we  work  very  closely 
with  our  clients  from  the  outset,  fostering  great  relationships  through  our  unique  approach 
to  consulting  and  services,  the  antithesis  of  prefabricated  solutions.  Information  technology 
is  not  the  panacea.  Collaboration  is.  Together,  we  can  accomplish  anything. 

It’s  an  approach  that  further  benefits  from  the  expertise  and  resources  of  the  entire 
Fujitsu  group,  which  has  long  provided  world-class  technology  and  platform  products  all 
over  the  globe.  The  result?  Business  solutions  that  many  may  promise  but  few  can  deliver. 


FUJITSU 


roget 

her,  t 

he 

possi 

bi 

i 

ties  are 

• 

fin 

it 

Fujitsu  Consulting 

With  a  global  economy  and  fierce  competition  pressuring  their  bottom  line,  most 
companies  today  seek  a  more  rapid  and  measurable  return  on  their  IT  investment. 

Knowing  this,  Fujitsu  has  been  building  a  results-focused,  global  consulting 
organization  to  be  known,  starting  in  April,  as  Fujitsu  Consulting.  This  new 
organization-comprising  what  is  currently  DMR  Consulting,  Fujitsu  Systems 
Business  of  America  and  other  businesses  within  Fujitsu-provides  a  full  breadth 
of  consulting  and  services  that  help  clients  design,  integrate  and  maintain 
high-impact,  strategic  business  solutions. 

Industry  and  business-process  knowledge 

Whether  it’s  core  back  office,  front  office  or  extended  functions,  Fujitsu 
Consulting  has  an  excellent  track  record  in  building  relevant  solutions  that 
enable  companies  to  better  serve  their  customers  and  collaborate  with  their 
extended  supply  chain  of  employees,  vendors  and  partners. 

Customer  solutions 

Fujitsu  Consulting  creates  tailored  solutions  for  a  variety  of  industries,  such 
as  enhanced  billing  systems  for  telecommunications  clients,  “straight-through 
processing”  to  reduce  risk  and  lower  costs  for  financial  services  clients, 
and  e-business  strategies  and  innovative  business  intelligence  solutions 
for  government.  Through  our  Application  Portfolio  Management  service, 
we  enable  clients  to  reduce  their  IT  costs  and  free  up  resources  to  focus  on 
their  core  business. 

Unique  ROI-focused  methodology 

Fujitsu  has  a  long  history  of  delivering  ROI  for  its  clients.  Our  unique,  proven 
methodology  enables  the  delivery  of  tangible  business  results.  The  methodology 
starts  by  focusing  on  the  results  the  client  expects  to  achieve  from  their 
investment.  It  then  provides  a  road  map  through  the  design,  implementation 
and  operation  of  the  solution  to  ensure  the  achievement  of  the  desired  results. 

Fujitsu— a  different  way  of  working 

At  Fujitsu  Consulting,  we  live  and  breathe  three  simple  but  revolutionary  ideas: 
deep  collaboration  with  our  clients,  an  eye-to-eye  approach,  and  a  passion  for 
rolling  up  our  sleeves  and  getting  the  job  done.  It  is  the  unique  combination  of 
global  scope  and  human  scale  that  sets  us  distinctly  apart  from  our  competitors 
and  makes  us  so  attractive  to  our  clients. 


FUJITSU 

THE  POSSIBILITIES  ARE  INFINITE 

us.fujitsu.com 


©2002  Fujitsu.  All  rights  reserved. 


ILLUSTRATION  BY  CHRISTOPH  HITZ 


World  View 

Doing  Business  Globally 


When 
Face-to-Face 
Doesn’t  Fly 

With  travel  budgets  slashed,  conferencing 
technologies  can  help  global  companies  fill  the 
communication  void,  but  only  up  to  a  point 

BY  DAVID  DOBRIN 

»  ONCE  MET  A  WOMAN  on  a  plane  heading  to  Chicago  who  had 
logged  275,000  miles  so  far  that  year — and  it  was  August.  She 
bought  companies  for  General  Electric,  and  a  lot  of  those  com¬ 
panies  were  in  South  Africa,  Thailand  and  Brazil.  To  do  her  job, 
she  was  averaging  more  than  1,000  miles  a  day  in  the  air.  In 
Mexico  City,  she  picked  up  the  Airphone  and  started  making 
calls.  Only  on  the  approach  to  Chicago  did  she  put  it  down. 

I’m  not  terribly  sympathetic  to  these  road  warrior  heroics. 
Did  she  really  have  to  be  there  in  person  for  all  those  meet¬ 
ings?  The  phone  is  a  wonderful  invention — something  she 
apparently  already  had  figured  out;  if  she  needed  to  review 
documents,  there’s  Web  conferencing  or  videoconferencing. 

Before  Sept.  1 1,  there  was  little  debate:  If  a  meeting  was 
really  important,  you  had  to  be  there.  Post  Sept.  11,  the  travel 
picture  has  changed.  Yet  companies  still  need  to  hold  global 
meetings.  Now  that  there  is  a  strong  sentiment  not  to  fly,  busi¬ 
nesses  must  figure  out  how  else  to  facilitate  important  meet¬ 
ings  among  people  in  other  countries  and  on  other  continents. 

To  hold  important  meetings  among  a  disparate  audience, 
there  are  three  technologies  available:  teleconferencing,  Web 


conferencing  (using  the  Internet  to  share  files  while  talking  on 
the  phone)  and  videoconferencing  (which  can  be  combined  in 
various  ways  with  the  other  two). 

None  of  the  technologies  is  as  good  as  being  there  in  per¬ 
son,  especially  when  the  meeting  crosses  cultures,  borders,  lan¬ 
guages  and  time  zones  (in  other  words,  when  a  meeting  is 
global).  Yet  when  travel  isn’t  an  option,  one  technology  works 
better  than  another  for  specific  kinds  of  meetings.  Therefore, 
treat  each  technology  as  having  a  different  kind  of  business 
use  or  purpose.  If  the  CIO  can’t  get  the  team  together  in  per¬ 
son,  he  should  run  the  meeting  in  a  way  that  recognizes  the 
limitations  of  conferencing  technology. 

A  lot  of  CIOs  think  that  their  job  ends  when  they  buy  the 
right  conferencing  technology.  Think  again.  CIOs  have  a 
responsibility  to  see  that  any  technology  is  used  effectively. 
Besides,  CIOs  are  investing  IT  money  (no,  it’s  not  coming  out 

www.cio.com  •  MARCH  15,  2002  CIO  43 


World  View 


of  the  decimated  travel  budget),  so  they  want  to  make  sure 
their  investments  are  put  to  good,  effective  use. 

Therefore  it’s  necessary  to  recognize  where  remote  confer¬ 
ences — when  conducted  correctly — are  genuinely  more  effective 
than  the  in-person  alternatives. 

Look  at  Web  conferences.  As  an  analyst,  I  listen  to  a  lot 
of  earnings  reports.  Three  years  ago,  CEOs  did  these  meet¬ 
ings  in  person  with  key  analysts  or  else  did  them  much  less 
effectively  as  teleconferences.  Now,  Web  conferencing  tech¬ 
nology  has  taken  over. 

With  Web  conferencing,  a  company  can  bring  in  many  more 
analysts,  and  indeed,  it  is  now  routine  to  time  earnings  reports 
so  that  they  can  include  the  European  community.  For  their 


part,  the  analysts  can  ask  questions  and  listen  to  answers.  From 
the  company’s  perspective,  no  one  has  to  waste  time  and  money 
putting  on  an  event. 

Web  conferencing  is  optimal  when  a  meeting  is  basically  a 
form  of  broadcast,  where  one  person  does  most  of  the  talking 
but  there  may  be  a  few  questions  from  the  listeners.  The  tech¬ 
nology  is  also  effective  when  the  speaker  works  from  a  docu¬ 
ment  such  as  an  earnings  report  or  a  PowerPoint  presentation. 

For  global  meetings,  Web  conferencing  surpasses  teleconfer¬ 
encing  for  broadcasting  purposes  because  differences  in  lan¬ 
guage  or  time  zones  are  exacerbated  with  teleconferences.  With 
a  shared  document,  the  meeting  can  be  more  inclusive  for  a 
longer  period  of  time.  Conversely,  if  teleconferencing  is  used 
for  broadcasting,  the  meeting  should  be  shortened  accordingly. 

There  are  times  when  a  meeting  demands  real  interaction, 
and  videoconferencing  seems  like  a  viable  solution.  But  be  fore¬ 
warned  that  the  technology  leaves  a  lot  to  be  desired,  particu¬ 
larly  when  an  international  crowd  is  involved. 

A  year  or  so  ago,  I  was  on  a  global  project  for  a  large 
American  electronics  company  where  the  Irish  contingent  felt 
(quite  justly)  that  their  needs  were  not  being  respected  by  the 
team  as  a  whole.  The  company’s  solution  was  to  hold  meet¬ 
ings  using  videoconferencing. 

cio.com _ 

Can  remote  conferencing  technologies  replace  the 
face-to-face  meeting?  Go  to  CIO  READER  POLL  at 
www.cio.com/readerpoll. 


It  was  a  nightmare.  First  of  all,  a  lot  of  these  videoconfer¬ 
ences  started  at  1  p.m.  (6  p.m.  Irish  time)  and  went  on  in  the 
way  of  undisciplined  meetings  everywhere.  When  I  was  on 
(and  I  was  on  a  lot),  I  tried  to  include  our  Irish  colleagues, 
but  I  often  failed — forgetting  to  look  in  the  camera  when 
things  got  interesting  and  neglecting  to  respond  if  the  people 
in  Ireland  raised  their  hands. 

By  using  videoconferencing  purely  as  a  substitute  for  an  in- 
person  meeting,  we  forced  everyone  to  put  in  the  same  amount 
of  time — and  even  more  attention — that  they  put  into  a  regu¬ 
lar  meeting.  Yet  we  got  only  the  illusion  of  personal  contact. 

Videoconferencing  works  better  when  only  a  few  people 
are  involved  and  when  the  meetings  don’t  have  much  formal 
structure.  In  essence,  videoconferencing  is  fine  when 
used  by  two  people  with  Web  cameras  having  a  short 
conference  but  falls  short  when  used  by  20  people 
from  three  countries  in  an  all-day  marathon. 

To  facilitate  communication  on  a  global  scale,  there 
are  three  rules  of  thumb  for  using  these  technologies 
in  a  more  nuanced  way.  First,  the  more  broadcasting 
there  is  in  a  meeting,  the  more  appropriate  telecon¬ 
ferencing  or  Web  conferencing  is.  But  don’t  expect  the  broad¬ 
cast  to  be  as  effective  as  in-person  broadcasts.  Second,  confer¬ 
encing  technologies  put  more  strain  on  participants,  so  make 
videoconferences  or  Web  conferences  shorter  than  the  corre¬ 
sponding  meetings  would  be,  and  involve  fewer  people.  Third, 
don’t  expect  any  technology  to  substitute  for  travel.  The  remote 
participants  at  a  Web  conference  just  won’t  take  away  what 
they  would  if  they  were  meeting  in  person. 

While  wholesale  travel  is  now  no  longer  possible,  remote 
conferencing  can  be  enhanced  when  more  reliance  is  placed 
on  asynchronous  technologies.  A  friend  of  mine  tried  to  use 
Web  conferences  for  sales  pipeline  meetings,  rather  than  flying 
all  over  the  world.  They  didn’t  work  too  well;  the  Web  confer¬ 
ences  were  not  nearly  as  effective  as  the  face-to-face  meetings, 
where  he  would  glare  at  a  salesperson  who  claimed  a  customer 
was  in  the  bag  and  the  salesperson  would  quail  and  retreat. 

But  the  Web  conferences  got  more  effective  when  he  required 
salespeople  to  file  frequent  progress  reports  and  then  used  Web 
conferencing  to  hold  impromptu  meetings  when  the  report 
seemed  to  call  for  his  help.  He  couldn’t  glare  during  these  meet¬ 
ings,  but  he  often  didn’t  need  to. 

While  remote  conferencing  technology  can  satisfy  some 
global  communication  needs,  accept  the  fact  that  you  may 
have  to  meet  in  person.  BE] 


Questions  or  comments?  Let  Senior  Editor  Megan 
Santosus  know  at  santosus@cio.com.  David  Dobrin  is 
president  of  B2B  Analysts,  a  software  consultancy  based 
in  Cambridge,  Mass. 


Videoconferencing  leaves  a  lot  to  be 
desired,  particularly  when  an  international 
crowd  is  involved. 


4  4 


CIO  MARCH  15,  2002 


www.cio.com 


r 


THE  STRAIGHT  GOODS  ON  APPLICATION  SERVERS. 


> 


V 


"AN  APP  SERVER  IS  ALL 
YOUR  e-BUSINESS  NEEDS.” 

Pure  delusion.  True,  an  app  server 
can  be  thought  of  as  the  integration 
engine  driving  your  e-Business. 

But,  it's  still  just  one  component  of 
your  e-Business.  And  just  one.  Let's 
not  forget  the  development  tools,  the 
adapters,  DBMS  solutions,  wireless 
servers  and  a  host  of 
other  components.  And 
here’s  the  crunch:  the 
ability  to  integrate  them. 

Anything  less  simply 
won't  carry  you  into  the 
future.  Sybase  provides 
all  these  components. 

Of  course,  EAServer 
runs  as  the  integration 
engine  unifying  these 
components  into  your 
company's  infrastructure. 

"WE'RE  MORE 
J2EE  THAN  THE 
OTHER  GUYS.” 

We  hear  this  one  a 
lot.  We  assure  you  it 
is  complete  nonsense. 

You're  J2EE  compatible 
or  you're  not.  It's  not  a 
sliding  scale.  It's  simply 
either/or.  Yes  or  no.  It's 
an  utterly  and  totally 
binary  situation. 

For  the  record,  EAServer 
is  J2EE  compatible.  In  fact,  we  were 
among  the  very  first  application  servers 
to  be  certified.  We  also  support  C  and 
C++,  COM,  CORBA,  and  of  course,  our 
own  PowerBuilder. 

You  won't  find  more  comprehensive 
support  for  the  leading  technologies 
and  applications  most  prevalent  in 
e-Business  today. 

"CLUSTERING  WORKS  BUT  ONLY  IN 
ONE  PLACE  AT  A  TIME.” 

Any  true  24x7  e-Business  depends 
upon  availability.  And  the  most 
certain  way  to  ensure  availability  is 
with  clustering.  Now,  some  say  you 


can  only  effectively  cluster  in  one 
place  at  a  time.  Smart  thinking  until 
an  unexpected  power  outage  brings 
down  your  call  center's  data  systems. 
Others  say  you  can  cluster,  but  only 
one  operating  system  at  a  time. 
Which  means  you  can  never  throw 
an  NT  box  into  a  Unix  cluster  or 
vice  versa.  We  beg  to  differ  on  both 
counts.  EAServer  lets  you  cluster 
any  way  your  e-Business  demands. 


Even  if  that  involves  the  clustering  of 
two  different  operating  systems  in  two 
different  geographical  locations. 

“IT'S  OUR  WAY  OR  THE  HIGHWAY.” 

This  is  usually  couched  in  somewhat 
softer  terms.  Something  like  this: 
"Let's  start  fresh.  Get  rid  of 
everything  you've  got.  Make 
the  switchover  to  our 
stuff.  And  welcome 
to  the  New  World." 

What  this 
always  translates 
into  is  one  great, 
ugly  and  brutish 
migration  nightmare. 


SYBASE  e 
BECAUSE  EVERYTHING 


-BUSINESS  SOFTWARE 
WORKS  BETTER  WHEN 


Avoiding  the  horror  of  this  is  one  of 
the  very  best  arguments  in  favor  of 
Sybase  EAServer. 

Not  only  do  we  guarantee  that  we 
will  make  all  of  your  systems  work 
together,  we'll  show  you  how  you  can 
migrate  to  your  new  technologies 
without  disrupting  your  current 
information  systems.  Or  your  business. 
Absolutely  no  pain.  Lots  of  gain. 


“OUR  BENCHMARKS 
MIRROR  YOUR 
REALITY." 

What  happens  in  a 
carefully  set-up  study  to 
prove  a  marketing  claim 
is  the  marketing  claim 
gets  proven.  It's  not 
rocket  science. 

We  do  benchmarks, 
too.  We  just  got  some 
back  that  say  our 
application  server 
is  faster  than  the 
best-selling  app  server 
in  the  business-to- 
consumer  market. 
Surely,  real-world 
performance 
measurements,  not 
contrived  marketing 
benchmarks,  are  more 
important  to  running 
your  real-world  business. 
Let's  talk. 


GET  THE  WHOLE  TRUTH.  OR 
AT  LEAST  OUR  SIDE  OF  THE  STORY. 

We  believe  EAServer  deserves  your 
full  consideration.  We  won't  stretch 
or  distort  facts  to  convince  you  of 
our  viewpoint.  But  we  would  like  to 
give  you  all  the  arguments  in  favor 
of  our  case. 

Visit  www.sybase.com/truth.  Or  you 
can  call  1-800-8-SYBASE.  And  thanks 
for  letting  us  clear  the  air. 

S  Sybase 

Information  Anywhere' 


EVERYTHING  WORKS  TOGETHER: 


*2002  Sybase,  Inc.  All  rights  reserved.  All  trademarks  are  the  property  of  their  respective  owners. 


HIRING 


FIRING 


INSPIRING 


Hot 

Seat 


Inside 

MANAGEMENT  BRIEFS 

Multitasking.  “Switching-time" 
costs  and  training  tools 


LEADERSHIP  IMPERATIVE 

By  Susan  Cramm.  What  CIOs 
should  do  in  their  first  100  days 


Ask  Susan  Cramm  your  leadership 
and  management  questions  at 
www.  cio.  com/research/ 
leadership/imperative,  html. 


How  comfortable  do  you 
find  the  hot  seat?  E-mail 
Leadership  and  Management 
Editor  Edward  Prewitt  at 
hotseat@cio.com. 


How  to  Succeed  in 
Strategic  Planning 

CIOs  have  two  important  roles.  They’re  not  easily  performed. 

BY  MARK  GORDON 


A  decade  ago,  most  CIOs  had  to  beg  or 
negotiate  their  way  into  the  organiza¬ 
tion’s  strategic  planning  process.  Things 
are  different  now.  Few  CIOs  today  find 
it  necessary  to  plead  for  a  place  at  the 
table,  says  Michael  Earl,  director  of  the 
London  Business  School’s  Centre  for  the 
Network  Economy.  Elis  research  indi¬ 
cates  that  more  than  half  of  CIOs  are 
being  invited  to  take  a  seat.  “The  expec¬ 
tations  have  changed.  In  most  sophisti¬ 
cated  corporations,  it  is  simply  assumed 
that  CIOs  will  be  involved  in  strategic 
planning,”  he  says. 

Near-constant  reassessment  might  be 
the  defining  characteristic  of  contem¬ 
porary  strategic  planning.  “The  cycle 
these  days  is  very,  very  short,”  notes 
Earl.  “In  many  corporations,  the  strate¬ 
gic  plan  is  reviewed  monthly,  even 
weekly.”  Frequent — some  might  say 
frantic — reassessment  is  also  the  coin 
of  the  realm  in  IT,  and  CIOs  are  there¬ 
fore  accustomed  to  making  quick  judg¬ 
ments  about  new  technologies.  As  a 
result,  CIOs  are  uniquely  suited  among 
their  colleagues  to  take  a  leading  posi¬ 
tion  in  the  ongoing  development  of  the 
strategic  plan. 

Once  CIOs  are  seated  in  the  board- 
room,  however,  precisely  what  role  do 
they  play  in  strategic  planning?  For 
answers,  look  to  technological  change — 
which  is,  after  all,  why  CIOs  were  invited 
to  the  strategic  planning  process  in  the 
first  place.  “The  Internet  has  changed  for¬ 
ever  the  notion  of  business  and  IT  strati¬ 
fication,”  says  Ryan  Nelson,  director  of 
the  Center  for  the  Management  of 
Information  Technology  at  the  University 
of  Virginia’s  Mclntire  School  of  Com¬ 
merce.  “Along  with  applications  like  ERP 


and  CRM,  e-commerce  has  brought  IT 
front  and  center  to  the  executive  table.” 

The  Technology  Scout 

One  challenge  CIOs  face  is  synchroniz¬ 
ing  the  company’s  vision  with  the  pace 
of  technological  change.  Once,  organi¬ 
zations  could  fashion  mid-  and  long- 
range  plans,  confident  in  the  relative  sta- 


CIOs  have  to  keep  up  with  technology 
developments,  but  more  importantly 
they  must  determine  when  their 
company  can  adopt  new  technologies 
and  systems  to  the  best  effect,  says 
Marriott  International  CIO  Carl  Wilson. 

bility  of  their  underlying  assumptions. 
Today,  that  same  five-,  three-  or  even 
one-year  window  may  represent  an 
entire  generation  in  business-critical 
technologies.  Which  begs  a  question: 
Is  it  even  possible  to  plan  strategically — 
that  is,  with  a  view  to  the  long  term — 
in  such  an  environment? 


46  CIO  MARCH  15,  2002  •  www.cio.com 


PHOTO  BY  CHRIS  HARTLOVE 


The  only  thing  that  matters  is  the  bottom  line 

Customer  retention,  operational  efficiencies,  cost  reductions,  and  improved  revenues  -  these 
are  the  measures  of  ROI.  That's  what  Pegasystems'  software  solutions  have  been  delivering 
for  over  19  years  at  companies  like  Bank  of  America,  Chase  Bank,  and  Blue  Cross  Blue 
Shield  of  MA.  It's  about  Pegasystems'  superior  rules-driven  process  automation  solutions. 

If  you've  had  enough  BLAH  and  not  enough  ROI,  it's  time  for  Pegasystems  to  show  you  how 
to  impact  your  bottom  line.  Call  1-888-781-PEGA  (7342)  or  visit  us  online  atwww.pega.com 


Where  Rules  Mean  Business. 


“Yes,  it  is  possible 
to  [develop  a]  vision 
and  plan  out  three 
years  in  advance,” 
declares  Carl  Wilson, 
executive  vice  presi¬ 
dent  and  CIO  of  Marriott  International 
in  Washington,  D.C.  “Although  when 
technology  was  more  static,  one  did  have 
a  clearer  view  of  a  few  years  out.”  The 
trick  is  gauging  how  soon  new  technolo¬ 
gies  will  be  assimilated  by  society  at  large, 
he  says.  This  is  where  the  CIO’s  role  as 
technology  scout  is  most  valuable  to  his 
partners  in  the  executive  suite. 

“For  instance,  over  the  last  two  years 
we’ve  seen  a  lot  of  push  by  the  vendors 
of  wireless  technology,”  says  Wilson,  who 
has  been  a  part  of  Marriott’s  strategy 
process  for  five  years.  “Now  there  is  no 
doubt  that  wireless  is  going  to  be  a  major 
factor  in  delivery  capability  to  individuals 
and  within  companies.  The  question  for 
us  is  whether  we  make  a  major  investment 
in  the  bleeding  edge  of  wireless  when  we 
know  that  only  1  percent  of  the  popula¬ 
tion  is  currently  using  it  at  that  level.  Or 
do  we  say,  ‘Let’s  stay  open  here,  move 
carefully,  wait  until  the  consumer  starts 
to  pull,  and  then  adopt  quickly.’” 

The  16th-century  Japanese  military 
strategist  Miyamoto  Musashi  once  wrote, 
“Perception  is  strong  and  sight  weak.  In 
strategy  it  is  important  to  see  distant  things 
as  if  they  were  close  and  to  take  a  dis¬ 
tanced  view  of  close  things.”  This  is  the 
role  of  a  scout,  to  go  beyond  the  immedi¬ 
ate  problem,  seeing  its  true  implications 
and  identifying  other,  perhaps  more 
important  challenges  on  the  horizon. 

“Smart  CIOs  know  not  to  jump  on 
any  bandwagons,”  says  the  University  of 
Virginia’s  Nelson.  “On  the  other  hand, 
they  also  know  when  to  pioneer  in  the 
application  of  proven  technologies.  That’s 
a  vital  skill” — albeit  a  difficult  one. 

Sometimes  a  CIO’s  technology  recon¬ 
naissance  can  lead  to  new  external  busi¬ 
ness  lines  and  service  offerings.  That  was 


the  experience  Preston  B.  Bradford  had 
with  EAI.  “Not  long  ago  we  decided  to 
deploy  EAI  in-house  as  a  means  of 
improving  our  own  organization,”  says 
Bradford,  senior  vice  president  and,  until 
recently,  CIO  for  Sapient,  a  Cambridge, 
Mass. -based  technology  consultancy. 


“Very  soon,  however,  we  discovered  that 
we  were  able  to  leverage  our  newfound 
expertise  into  solutions  for  some  of  our 
clients.  Now  we’re  considering  develop¬ 
ing  a  practice  in  that  area.” 

The  Technology  Interpreter 

Being  an  authoritative  technology  inter¬ 
preter  is  a  requirement  for  CIOs  who 
want  to  be  effective  in  strategic  planning. 
For  Wilson,  this  means  being  fully  con¬ 
versant  in  two,  often  distinct  vocabular¬ 
ies.  “The  common  language  of  business 
is  still  accounting  and  finance,”  he  says. 
“You  need  someone  who  understands 
technology  and  can  interpret  it  in  busi¬ 
ness  terms  for  others.” 

But  interpreting  technology  for  your 
business  colleagues  means  more  than 
explaining  what  acronyms  like  ERP  and 
ASP  stand  for.  CIOs  must  be  able  to 
bridge  the  gap  between  IT  and  opera¬ 
tions.  “I  had  better  understand  how 
information  technology  is  evolving  and 
how  it  enables  our  operations  to  be  more 


effective,”  says  Richard  Ricks,  CIO  of 
Brampton,  Ontario-based  Nortel  Net¬ 
works.  “There  is  tremendous  value  when 
a  CIO  understands — and  articulates — 
how  decisions  impact  the  technology 
direction  as  well  as  the  business  process  in 
a  holistic  way.” 


London  Business  School’s  Earl  agrees: 
“The  CIO  has  to  be  a  good  technologist, 
but  first  he  has  to  show  that  he  under¬ 
stands  the  business.  That’s  the  entry 
ticket.  Then  the  CIO’s  role  is  to  under¬ 
stand  new  technologies  and  interpret  how 
they  might  be  applied  to  the  advantage 
of  the  business.” 

The  process  discipline  that  is  so  vital 
to  IT  work  can  add  another  dimension 
to  the  CIO’s  role  in  strategic  planning. 
“One  of  the  most  difficult  and  important 
things  I  do  is  shine  a  light  on  process,” 
says  Charles  Wodehouse,  president  of 
Jacksonville,  Fla.-based  CSX  Technology, 
the  IT  service  unit  of  transportation  giant 
CSX  Corp.,  headquartered  in  Richmond, 
Va.  “I  have  to  keep  pushing  on  the  com¬ 
pany’s  process  view  of  itself.  My  strength 
is  looking  at  how  we  can  apply  technol¬ 
ogy  to  make  our  company  easier  to  do 
business  with,  more  efficient  internally,  a 
better  utilizer  of  capital  assets.” 

Wodehouse,  who  worked  his  way  up 
through  the  CSX  financial  ranks  before 


Hot 

Seat 


CIO  ROLES  IN 

STRATEGIC  PLANNING 

SCOUTING  OUT  NEW  TECHNOLOGY 

INTERPRETING  NEW  TECHNOLOGY 

■  Gauge  how  soon  new  technologies 

FOR  CXOS 

will  become  widely  used 

■  Explain  the  benefits  and  pitfalls 

■  Decide  when  your  company 

■  Calculate  the  financial  ramifications 

should  be  an  early  adopter  and 

■  Articulate  the  effect  of  new 

when  you  should  wait 

technologies  and  systems  on 

■  Keep  an  eye  out  for  business 

business  operations 

opportunities  bred  by  new  technologies 

48  CIO  MARCH  15,  2002  •  www.cio.com 


Voice  and  data  merge. 

Two  networks  become  one 


Discover  all  that's  possible  on  the  Internet 


©2002  Cisco  Systems,  Inc.  All  rights  reserved.  Cisco,  Cisco  Systems,  the  Cisco  Systems  logo,  Empowering  the  Internet  Generation, 
and  Cisco  Powered  Network  are  registered  trademarks  or  trademarks  of  Cisco  Systems.  Inc. 


iiiniiinsuiiiiiuiiititiiiiiniiftiiiiiiiiiiiiiiiiiiiiiiiiaininiiiWn' 


SOLUTIONS  FOR  YOUR  NETWORK 


VPN/SECURITY 

+  S 

IP  TELEPHONY 

► 

CONTENT  NETWORKING 

+ 

OPTICAL 

+ 

STORAGE  NETWORKING 

+ 

MOBILITY 

+ 

A 

cisco.com/go/iptelephony  - 

Isn't  it  time  you  combined  your  separate  networks  into 
one  powerful  and  integrated  enterprise  network?  With 
Cisco  IPTelephony,  you'll  cut  costs  and  discover  entirely 
new  ways  to  compete  -  enabling  a  whole  new  class  of 
powerful  applications  never  before  conceivable  on 


Cisco  Systems 


separate  networks.  With  Cisco  AVVID  enterprise  architecture,  you  can  do  all  this  without  any 
disruption.  This  standardized  enterprise  architecture  allows  you  to  seamlessly  integrate  voice, 


Empowering  the 
Internet  Generation 


video,  wireless  and  data  applications  on  a  single,  scalable  network.  This  includes  new  and 


existing  technologies  alike.  Whether  you're  building  your  enterprise  network  or  extending  it 
with  Cisco  Powered  Network  services,  take  advantage  of  the  tools  below  to  get  it  done  right. 


^  IP  Phone  Demo 

Case  Studies 

Design  Guides 

Newsletter  Sign-up 

Join  Discussion 

Cisco  Powered  Network 

becoming  CIO,  notes 
that  IT  and  finance 
share  a  deep  cultural 
commitment  to  pro¬ 
cess,  making  them 
complementary  team¬ 
mates  in  strategic  planning.  While  CFOs 
could  take  tips  from  CIOs  on  the  impor¬ 
tance  of  technological  innovation,  he 
says,  CIOs  also  have  a  lot  to  learn  from 
their  colleagues  on  the  money  side  of  the 
house:  “IT  has  to  be  driven  by  a  basic 
understanding  of  business  and  fundamen¬ 
tal  appreciation  of  economics.” 

Perks  of  Planning 

Effective  CIO  involvement  in  the  strategic 
planning  process  is  not  only  good  for  the 
company,  it  also  yields  great  benefits  for 
IT  departments  and  executives  them¬ 
selves.  “For  me  to  have  the  broad  con¬ 
text,  to  know  where  the  company  is 
going,  makes  IT  deployment  so  much 
easier,”  says  Wodehouse.  “It  helps  with 
funding,  with  prioritizing  projects,  even 
in  designing  systems  themselves.” 

Ricks  sounds  a  similar  note:  “I  gain  a 
clear  understanding  of  where  the  business 
is  going,  the  impact  to  business  processes 
and  infrastructure,  what  services  may  be 
leveraged  more  extensively,  and  what 
activities  are  needed.” 

Marriott’s  Wilson  views  his  role  in 
strategic  planning  as  insurance  against 
poor  decision  making.  “For  instance,  if  I 
hadn’t  been  involved  in  strategic  planning 
for  CRM,  I  might  have  been  inclined  to  go 
out  and  implement  something  without 
knowing  how  our  heads  of  marketing, 
finance  and  operations  were  looking  at  it. 
And  I  might  have  messed  it  up,”  he  says. 

Of  course,  the  most  basic  business 
knowledge  is  the  desire  of  the  customer. 
As  marketing  guru  A1  Ries  puts  it, 
“Strategy  should  evolve  out  of  the  mud  of 
the  marketplace,  not  in  the  antiseptic 
environment  of  an  ivory  tower.”  It  is  no 
less  important  for  the  CIO  to  be  an  inter¬ 
preter  of  consumer  desire  than  it  is  for  a 


Hot 

Seat 


MANAGEMENT  BRIEFS 

MULTITASKING 


Tallying  the  Cost  of 
Doing  Too  Much 

You  know  what  happens  when  you 
have  too  many  windows  open  on  your 
desktop— at  best  your  computer’s 
response  time  is  reduced  to  a  crawl, 
at  worst... crash!  Your  brain  may  react 
the  same  way  to  multitasking,  accord¬ 
ing  to  "Executive  Control  of  Cognitive 
Processes  in  Task  Switching,”  an 
August  2001  study.  In  clinical  experi¬ 
ments,  study  groups  were  asked  to 
complete  a  combination  of  tasks. 
Subjects  who  alternated  between 
activities  took  substantially  longer 
than  those  who  tackled  one  job  at  a 
time,  says  David  Meyer,  a  University  of 


Michigan  professor  of  psychology  who 
is  one  of  the  study’s  authors.  Meyer 
estimates  “switching-time  costs”  to  be 
as  high  as  25  percent  to  50  percent 
more  per  individual  task,  depending 
on  its  complexity  and  familiarity. 

But  with  practice  there  is  hope  for 
improvement,  Meyer  says.  "In  order  to 
be  optimized  for  multitasking,  you 
have  to  be  able  to  willfully  control 
your  attention”— something  that  is 
emphasized  in  many  meditative 
practices.  Still,  he  warns,  “no  matter 
how  hard  you  try,  you  will  never  be  as 
good  multitasking  as  you  are  concen¬ 
trating  on  one  [task].” 

-Amanda  S.  Fox 


Turning  Multitasking 
into  a  Tool 

By  its  very  nature,  IT  work  requires 
multitasking.  But  what  some  see  as  a 
necessary  evil,  others  see  as  an  advan¬ 
tage.  Rick  Bauer,  CIO  of  The  Hill  School, 
a  prep  school  in 
Pottstown,  Pa.,  uses 
multitasking  as  a  cross¬ 
training  tool.  He  actively 
encourages  his  team  to 
balance  core  job 
responsibilities  with 
other  pursuits.  A 
network  administrator  may  double  as  a 
lecturer  in  a  computer  training  course 
or  take  time  to  get  down  and  dirty  with 
new  security  innovations.  On  a  larger 
scale,  IT  multitasking  should  be  defined 
by  a  strategic  planning  process. 

Diane  Barbour,  CIO  of  the  Rochester 
Institute  of  Technology  in  Rochester, 
N.Y.,  incorporates  her  employees’ 
multitasking  into  her  strategic  plan.  “We 
are  working  on  a  process  here  where  all 


new  projects  and  unanticipated  work 
flows  through  a  program  management 
office  [PMO],”  she  says.  The  PMO 
tracks  the  workload  of  every  staffer  to 
determine  who  has  the  bandwidth  to 
take  on  new  tasks.  Barbour  also  sets 
well-defined  goals  for 
employees.  "I  make  it 
clear  to  them  when  they 
are  hired  that  they  will 
be  spending  X  percent 
[of  time]  on  project  A 
and  Y  percent  on  pro¬ 
ject  B.” 

Not  all  CIOs  support  this  approach. 
Dale  Tennison,  CIO  of  GLT  &  Assoc¬ 
iates,  a  data  mining  company  based  in 
Hudson,  Wis.,  defines  IT  multitasking  as 
"a  natural  reaction  to  management’s 
inability  to  provide  focus  and  direction.” 
Tennison's  correctives  are  project 
management  discipline  and  ROI  project 
analysis.  The  bottom  line  in  multitask¬ 
ing,  Bauer  says,  is  that  “saying  no  is  as 
important  as  saying  yes.”  -A.F. 


50  CIO  MARCH  15.  2002  •  www.cio.com 


ILLUSTRATION  BY  JOSEF  GAST 


BUSINESS  SYSTEMS 


STRATEGY  IMPLEMENTATION  RESULTS 


Scott  A.  Rosenberger 

Client  Relationship  Managing  Director, 

Consumer  &  Industrial  Markets,  KPMG  Consulting 


James  S.  Hudson 

Corporate  Vice  President,  Strategic  Financial  Planning  &  Control, 
Chipf  Arrnuntinp  Offirpr  &  CFO  FpHFy  C nmnratp  Sprwirps 


Copyright  2002,  KPMG  Consulting,  Inc.  All  rights  reserved.  KPMG  Consulting,  Inc.  is  an  independent  consulting  company. 


"We  told  KPMG  Consulting: 

We  absolutely,  positively  had  to 
have  the  system  in  7  months..." 


"FedEx  depends  on  KPMG  Consulting  to 
know  their  business  and  operations,  to 
navigate  internally,  and  get  things  done. 

We  are  an  integral  part  of  the  team  inside 
FedEx.  We  understand  how  to  design, 
facilitate,  and  execute  from  strategy 
through  integration. 

The  bottom  line,  we  help  reduce  costs  and 
deliver  efficiency  breakthroughs  company¬ 
wide.  It's  a  solid  partnership." 


"...And  they  delivered.  A  new  Web-based 
financial  system  in  just  7  months.  It's 
already  helping  us  cut  costs,  improve 
information  availability,  and  boost 
profitability. 

We  streamlined  the  financial  processes  of 
our  service  organization.  We're  now  at  a 
best-in-class,  2-day  close  process." 


marketing  executive 
or  product  develop¬ 
ment  manager.  Catch¬ 
ing  up  on  the  cus¬ 
tomer  perspective  is 
the  first  thing  Sapient’s 
Bradford  always  does  when  starting  the 
strategic  planning  process.  “You  can 
miss  the  mark  if  you’re  not  close  to  your 
customers,”  he  says.  “I  spend  about 
20  percent  of  my  time  out  talking  to 
clients,  working  with  account  teams, 
understanding  what  the  problems  are, 
and  I  find  that  to  be  extremely  valuable 
in  strategic  planning.” 

In  the  end,  strategic  planning  is  about 
success  in  the  marketplace.  Since  IT  is 
an  essential  component  in  the  recipe  for 
success  in  most  organizations  today,  it’s 


“If  I  hadn’t  been  involved 
in  strategic  planning  for 
CRM,  I  might  have  been 
inclined  to  go  out  and 
implement  something 
without  knowing  how 
our  heads  of  marketing, 
finance  and  operations 
were  looking  at  it.  And  I 
might  have  messed  it  up.” 

-Carl  Wilson,  CIO, 
Marriott  International 


imperative  that  CIOs  perform  their  role 
well.  Nortel  Networks’  Ricks,  with 
23  years  of  IT  experience,  including 
12  years  of  strategic  planning  practice, 
offers  this  advice  to  fellow  CIOs:  “Don’t 
be  a  wallflower.  The  nature  of  a  CIO  is 
to  see  the  total  business  process  end-to- 
end....  CIOs  can  bring  tremendous  value 
to  the  strategic  planning  table — so  insist 
upon  it.”  E0 


Hot , 
Seat 


What's  your  role  in  strategic  planning?  Send 
e-mail  to  hotseat@cio.com.  Mark  Gordon  is  a 
freelance  writer  in  Westerly,  R.l.  He  can  be 
reached  at  markgordon@att.net. 


LEADERSHIP  IMPERATIVE 

BY  SUSAN  CRAMM 

The  New  CIO  Mantra:  Shut  Up  and  Listen 

FOR  THE  NEXT  THREE  MONTHS,  keep  your  mouth  shut 
and  don't  do  anything. 

This  advice  was  given  to  me  on  the  first  day  I  worked  as 
a  CIO.  It  sounds  simplistic,  but  it’s  great  advice  for  new 
CIOs  or  experienced  CIOs  who  have  just  joined  a  company. 
The  underlying  premise  is  sound:  You  can  do  more  harm 
than  good  during  your  first  100  days  on  the  job  by  making 
decisions  without  the  necessary  facts  and  relationships. 

The  rookie  executive  who  walks  in  to  a  new  job  spouting  off  opinions  about 
what's  wrong  has  the  political  equivalent  of  spinach  in  his  teeth.  By  the  time 
somebody  tells  him  to  shut  up,  listen  and  learn,  he  is  facing  a  major  deficit  in 
the  credibility  bank. 

This  profile  is  pretty  black  and  white— none  of  us  would  commit  this  type  of 
faux  pas,  would  we?  Well,  in  real  life  there  are  a  lot  more  shades  of  gray.  Here 
are  some  true  examples  of  smart  people  who  did  some  stupid  things. 


■  To  meet  an  HR  deadline,  the  CIO 
of  a  financial  services  company  hus¬ 
tled  to  give  performance  reviews  to 
the  employees  he  had  inherited.  He 
worked  hard  to  collect  360-degree 
feedback,  but  he  was  unable  to 
achieve  the  ultimate  goals  of  the 
reviews— namely,  agreement  on  future 
performance  expectations  and  devel¬ 
opment  plans— because  he  could  not 
analyze  and  convey  the  information  in 
a  way  that  was  credible  to  his  staff. 

•  A  CIO  new  to  another  financial 
services  company  fell  into  the  trap  of 
determining  the  rollout  strategy  for 
software  with  a  spotty  track  record 
even  though  she  lacked  the  appropri¬ 
ate  information.  As  a  result,  she  is 
being  held  responsible  for  implemen¬ 
tation  problems  that  were  not  created 
by  her  but  that  she  had  allowed  to 
continue. 

■  A  retail  industry  CIO  pushed  the 
“reorg”  button  too  early.  He  felt  the 
need  to  make  hard  decisions  when 
head  counts  were  doled  out  to  avoid 
losing  out  in  the  budgeting  process.  A 


subsequent  reorganization  was  neces¬ 
sary,  which  he  had  to  sell  to  a  much 
more  skeptical  audience. 

■  A  CIO  of  a  transportation  company 
listened  well  to  his  clients  but  forgot 
to  spend  time  to  get  to  know  his  staff. 
When  he  started  to  roll  out  his  lead¬ 
ership  agenda,  he  was  stopped  dead 
in  his  tracks  by  an  organization  that 
wasn’t  on  board. 

All  these  miscues  have  a  common 
ingredient:  CIOs  who  stopped  listening 
too  soon  because  they  felt  forced  to 
take  some  action.  Forced  because  they 
wanted  to  fix  what  seemed  (to  them) 
so  obviously  wrong,  to  make  a  quick 
impact,  to  meet  a  schedule  or  to  avoid 
disappointing  an  important  client. 

Look  Before  You  Leap 

Those  CIOs  forgot  the  truism  that 
ideas  are  cheap— the  hard  part  is 
delivering  results.  Don't  make  com¬ 
mitments  that  your  organization  can¬ 
not  keep.  Just  because  something  is 
screwed  up  doesn’t  mean  you  can  fix 
it  or  fix  it  quickly.  One  of  my  favorite 


52  CIO  MARCH  15,  2002  •  www.cio.com 


(D  2002  Pacific  Edge  Software,  Inc.  All  rights  reserved,  The  Edge  for  IT™  is  a.  trademark. of  Pacific  Edge  Software,  Inc. 


Sarah’s  IT  project  is  not 
aligned  with  company  goals. 
There  goes  $1.5  million. 

$!@#! 


^  pacificedge 

J  SOFTWARE 

Portfolio  Management  for  Smarter  Business 


Project  Portfolio  Management 
can  save  you  millions. 

Today,  IT  organizations  must  account  for  every 
dollar  spent.  Project  Portfolio  Management  enables 
you  to  determine  which  of  your  initiatives  make 
good  business  sense.  As  the  leading  provider 
of  Project  Portfolio  Management  solutions, 
Pacific  Edge  has  developed  The  Edge  for  IT'.M 
This  proven  mix  of  technology,  services,  and 
processes  helps  you  make  the  right  decisions. 
With  the  help  of  our  solution,  a  federal  housing 
agency  saved  $36  million.  Within  45  days,  you 
will  see  a  difference  in  your  own  bottom  line. 


Tipany  can  save  millions.  Visit  www.pacificedge.com/cio  or  call  425-897-8800 
maturing  the  latest  strategies  from  Project  Portfolio  Management  experts. 


expressions  is  “Most 
organizations  have 
the  IT  capability  they 
deserve.”  Understand 
that  the  state  of  IT  in 
your  company  is  the 
way  it  is  for  good  reason.  If  something  is 
obviously  wrong,  try  to  figure  out  why 
the  organization  has  ignored  fixing  it 
and  what  you  can  realistically  do  to 
counter  that. 

A  lot  of  decisions  can  be  deferred  or 
made  in  stages.  For  example,  the  new  CIO 
of  Dell  Computer  knew  that  SAP  would 
not  work  for  his  organization,  but  he  had 
no  idea  what  would  work.  He  asked  for 
and  got  three  months  to  formulate  a  new 
recommendation  and  plan.  Don’t  be 
forced  into  making  decisions  for  which 


Ideas  are  cheap— the 
hard  part  is  delivering 
results.  Don’t  make 
commitments  that  your 
organization  cannot 
keep.  Just  because 
something  is  screwed 
up  doesn’t  mean  you 
can  fix  it  or  fix  it  quickly. 


you  don’t  have  the  necessary  information 
or  insight.  If  a  project  is  headed  for  dis¬ 
aster  but  you  don’t  know  what  to  recom¬ 
mend  in  its  place,  share  the  information 
that  you  have  and  ask  for  time  to  develop 
a  new  action  plan.  If  performance  reviews 
are  due,  ask  for  an  extension.  If  next 
year’s  budgets  need  to  be  finalized,  ask 
for  a  reasonable  dollar  amount  and  plan 
for  a  review  in  six  months. 

Once  you've  gained  the  time  neces¬ 
sary  to  listen,  what  is  it  that  you  need  to 
learn  during  your  first  100  days?  You 
should  be  gathering  information  and 
building  the  relationships  necessary  to 
establish  your  IT  leadership  agenda.  That 
includes  an  assessment  of  IT  effective¬ 


ness,  your  vision  for  IT,  key  strategies 
and  priorities  for  the  next  six  to 
12  months,  a  definition  of  IT  performance 
metrics,  and  current  baseline  measure¬ 
ments.  To  develop  your  leadership 
agenda,  you  need  to  gather  the  right 
information.  Start  by  asking  the  follow¬ 
ing  questions. 

■  What's  the  state  of  the  business? 
Where  is  the  company’s  money  made 
and  spent?  What  is  the  business  vision 
and  strategy?  How  is  performance  meas¬ 
ured,  and  who  is  accountable?  What  is 
the  industry  value  chain  and  your  com¬ 
pany's  relative  competitiveness? 

■  How  credible  is  IT?  What  value  has 
IT  delivered  in  the  past?  How  are  IT  deci¬ 
sions  made?  What  is  the  value  of  the  cur¬ 
rent  project  portfolio?  What  are  IT's  great¬ 
est  successes  and  failures?  What  is  the 
likelihood  of  delivering  current  project 
commitments?  Can  IT  deliver  high-quality 
operational  services  at  reasonable  costs? 
Who  are  the  stars  of  the  organization  and 
are  they  in  positions  of  influence? 

■  What  is  your  IT  architecture?  How 
well  is  the  company's  value  chain  sup¬ 
ported  by  IT?  What  capabilities  exist  rel¬ 
ative  to  the  industry?  How  appropriate  is 
the  underlying  technology?  Are  stan¬ 
dards  defined  and  adhered  to? 

Run  with  the  Right  Crowd 

Those  are  the  right  questions  to  ask  in 
your  first  100  days;  to  get  the  right 
answers,  you  need  to  hang  out  with  the 
right  people.  They  include  your  peers, 
your  staff,  consultants  and  vendors,  and 
the  front  line.  Getting  to  know  other 
executives  might  seem  obvious,  yet  it 
surprises  me  how  many  new  CIOs  don’t 
understand  that  peer  relationships  are 
critical  to  their  success.  Getting  to  know 
your  staff  is  also  crucial.  Equally  impor¬ 
tant  is  that  they  get  to  know  you.  During 
the  first  100  days,  your  staff  interactions 
should  be  focused  on  both  gathering 
data,  and  building  trust  and  faith  in  your 
leadership.  Consultants  and  vendors  can 


sometimes  be  a  very  good  resource  to 
help  you  assess  your  systems  and 
organization  against  industry  and  IT 
best  practices. 

Last  but  far  from  least,  you  need  to  get 
to  know  the  front  line.  The  front  line  is  the 
employees  in  your  organization  who 
interact  with  the  consumer.  The  front  line 
is  where  IT  value  resides.  Understand 
how  to  improve  the  interactions  with  your 
consumers  so  that  you  can  identify  the 
foundation  of  your  IT  strategy. 

A  lot  of  my  clients  ask  me  if  they'll 
have  a  honeymoon  period  when  starting 
a  new  position.  I  always  tell  them  no. 
They  must  focus  immediately  on  build¬ 
ing  relationships,  understanding  the  busi¬ 
ness  and  delivering  a  few  quick  wins. 
CIOs  who  can  do  those  things  will  get 
credit  for  a  great  start.  In  most  cases, 
three  months  is  a  reasonable  ramp-up 
period,  and  six  months  is  way  too  long. 

At  the  end  of  your  first  100  days,  you 
should  be  able  to  articulate  your  agenda, 
and  you  should  have  the  right  people 
lined  up  to  help  you  make  it  happen.  You 
can  accomplish  those  tasks  only  by  clos¬ 
ing  your  mouth  and  opening  your  ears.  If 
your  tendency— like  most  people— is  to 
walk  around  with  spinach  in  your  teeth, 
remind  yourself  of  the  Shut  Up  and  Listen 
mantra  by  placing  some  toothpicks  on 
your  desk.  [313 


Susan  H.  Cramm,  former  CIO  and  vice  president 
of  IT  at  Taco  Bell  and  CFO  and  executive  vice 
president  at  Chevys,  a  Taco  Bell  subsidiary,  is 
president  of  Valuedance,  an  executive  coaching 
firm  based  in  San  Clemente,  Calif.  She  can  be 
reached  at  shcramm@aol.com. 

CIO  columnist  Susan  Cramm  is  now 
available  to  answer  reader  questions. 
Submit  your  questions  to  Leadership 
Imperative  on  our  website  at 
www.cio.com/research/leadership/ 
imperative.html. 


54  CIO  MARCH  15,  2002  •  www.cio.com 


FILE  UNDER  :  DATA  PROTECTION 


How  safe  is  your  data? 

(Really.) 


'An  enterprise  cannot  become  resilient  unless  it  can  effectively 

operate  a  backup-and-restore  method  for  all  of  its  user 
workstations  -  in  the  offices,  mobile  and  remote. 

Continuous  backup,  and  the  ability  to  restore  anywhere  and 
anytime,  is  fundamental  not  only  as  a  convenience  to 
the  individual  user,  but  to  the  survival  of  the  business. 

The  great  majority  of  tools  for  backup  and  restore  are  based  on 
the  erroneous  assumption  that  the  user  will  have  constant 
access  to  a  high-speed  LAN.  ff 

Best  Practices  for  Mobile  Workforce  Information  Backup, 

John  Girard,  Gartner  Research,  QA,  Dec  2001 


With  Connected  TLM™,  you  can  securely  protect, 
and  restore  your  data-in  the  office  or  over  the  Internet— 

anytime,  anywhere. 


CONNECTED 


DATA  SAFE. 
PCs  UP. 
COSTS  DOWN. 


H 

r  1 

Meet  Gary  Beach  •  CIO  magazine  &  Connected  Executive  Event  Series: 

CXO  Media  Inc.  '  www.connected. com/events/CIO 

.  .  _ j 

r  ,  V 

By  400  corporations,  including  Amgen,  Citgo,  Deutsche  Banc, 
DEPLOYED  I  Fidelity,  Hewlett-Packard,  Lockheed  Martin,  Schlumberger, 

Toyota,  Tyco,  U.S.  Army,  U.S.  Postal  Service  and  VISA 

>oo 

DOWNLOAD  '  Get  the  full  story  on  Connected  from  Gartner 

•  vvww.connected.com/gartner  bestpractices 

©2002  CONNECTED  CORPORATION.  CONNECTED  AND  CONNECTED  TLM,  ARE  TRADEMARKS  OF  CONNECTED  CORPORATION.  ALL  OTHER  MARKS  ARE  PROPERTY  OF  THEIR  RESPECTIVE  OWNERS. 


IS  THE  TIME  TO 

PULL  THE  PLUG 

ON  YOUR 


Kevin  Murray,  CIO  of  American  International  Group, 
showed  his  board  that  they  could  save  30  percent  of 
the  cost  of  legacy  maintenance  if  they  moved  from  main¬ 


frame  to  thin  client.  “Their  jaws  hit  the  floor,”  he  says. 


PHOTO  BY  ANDREW  KIST 


Cover  Story  |  IT  Infrastructure 


Right  now,  the  economy  is  reeling.  Right  now,  everything 
seems  uncertain.  Right  now,  the  CFO  is  glowering,  the  CEO 
is  cowering,  and  the  shareholders  are  rebelling.  Despite  all 
that,  right  now  is  the  perfect  time  to  tear  down  your  legacy 
applications  and  start  over,  by  simone  kaplan 


KEVIN  MURRAY,  CIO  OF  DOMESTIC  BROKERAGE  AND  PERSONAL  LINES  FOR  AMERICAN  INTERNATIONAL  GROUP  (AIG), 


Reader  ROI 

►  See  why  your  peers 
decided  that  now  is  the 
right  time  to  rebuild  their 
legacy  infrastructures 

►  Discover  what  arguments 
to  take  to  your  board  for 
undertaking  legacy 
modernization  and 
migration  projects 

►  Learn  about  new  tools 
for  making  pulling  the 
plug  on  your  legacy 
applications  easier 
and  cheaper 


had  a  mainframe  full  of  fat-client  legacy 
applications.  He  just  trashed  it  in  favor  of 
newly  written  thin-client  Java  and  XML 
applications. 

Dan  Roberts,  CIO  of  the  PMI  Group,  a 
mortgage  insurance  company,  is  in  the  middle 
of  Web-enabling  his  back-office  legacy  sys¬ 
tems,  a  project  he  anticipates  will  take  up 
to  three  years.  However,  he  says  it’s 
“absolutely  necessary”  if  his  company  is 
going  to  keep  up  with  product  development 
and  customer  demands. 

Maria  Fitzpatrick,  CIO  of  PacifiCare 
Health  Systems,  just  decided  to  get  away 
from  the  multiple  OpenVMS  and  Unix  pro¬ 
grams  scattered  across  her  company’s  busi¬ 
ness  units,  and  upgrade  to  a  single  Web- 
enabled  platform.  The  project  is  part  of  a 
major  effort  to  redesign  PacifiCare’s  corpo¬ 
rate  strategy  by  unifying  business  processes 
across  all  units. 

The  list,  long  now,  will  get  longer.  Every 
day  thousands  of  enterprises  rely  on  decades- 
old  applications  written  in  obsolete  program¬ 
ming  languages  that,  along  with  the  systems 
on  which  they  reside,  are  no  longer  sup¬ 
ported  by  the  application’s  creators — who¬ 
ever  they  were  and  wherever  they  may  be. 

So  why  don’t  CIOs  just  pull  the  plug  on 
these  ancient  applications? 

“If  it  was  that  easy  to  get  off  these  systems, 
most  CIOs  would  have  done  it  already,” 
says  Dale  Vecchio,  research  director  of  appli¬ 
cation  development  for  Stamford,  Conn.- 
based  Gartner. 

“The  only  way  I’ll  address  renovating  my 


legacy  systems  is  if  they  stop  enabling  the 
business,”  says  John  White,  vice  president 
of  IT  at  Parker  Hannifin,  a  Cleveland-based 
manufacturer.  “My  barometer  is  the  ROI,” 
he  says. 

While  White’s  rule  of  thumb  is  widely 
held,  more  and  more  business  executives  are 
coming  to  grips  with  the  fact  that  the  Internet 
has  placed  demands  on  companies  and  com¬ 
puting  systems — such  as  real-time  order  pro¬ 
cessing  and  managing  high-bandwidth 
demands — that  most  legacy  applications  just 
can’t  handle.  CIOs  know  this  better  than 
anyone  else.  But  right  now  would  be  the 
worst  time  for  an  organization  to  begin  a 
major  infrastructure  face-lift,  wouldn’t  it? 
The  economy  is  in  clampdown  mode. 
Enterprises  are  struggling  to  find  cash  for  the 
most  basic  projects.  Only  the  nuttiest  CIO 
would  argue  for  spending  money  on  infra¬ 
structure,  and  only  the  most  irresponsible 
CEO  would  approve  the  expenditure.  Right? 

Actually,  not  right.  In  fact,  spending 
money  to  keep  legacy  applications  going  is 
a  mistake.  Assigning  personnel  to  keep 
legacy  applications  running  is  a  big  mistake. 
Making  business  plans  based  on  legacy 
applications  is  an  enormous  mistake. 

Despite  all  apparent  evidence  to  the  con¬ 
trary,  right  now  is  the  ideal  time  to  either  pull 
the  plug  (which  would  be  ideal)  or  overhaul 
legacy  applications.  And  a  whole  roster  of 
major  American  enterprises  are  seizing  this 
opportunity  to  get  a  jump  on  their  competi¬ 
tors  by  modernizing  (connecting  their  legacy 
system  to  a  Web  front  end)  or  migrating  their 


www.cio.com  •  MARCH  15,  2002  CIO  57 


Cover  Story 


IT  Infrastructure 


How  PMI  figured  the  ROI  of  legacy  migration 


Here  are  some  numbers  from  the  PMI  Group’s  1996  cost-benefit  study  that 
started  it  on  its  path  to  legacy  migration 


Benefits 

Avoiding  service-related  revenue  reduction 

$27.8  million 

Winning  back  lost  business  allocations 

$9.1  million 

Gain  in  market  share 

$20.4  million 

TOTAL  GROSS  BENEFITS 

$57.3  million 

Expenses 

Duplicate  processing  expenses 

$14  million 

Estimated  cost  of  project 

$20  million 

TOTAL  COST 

$34  million 

NET  BENEFIT  TO  COMPANY 

$23.3  million 

SOURCE:  PMI  GROUP  CIO  DAN  ROBERTS 

legacy  systems  to  new  thin-client-based  Web 
systems. 

And  they’re  doing  it  right  now. 

THE  LEGACY  ALBATROSS 

egacy  applications  underlie  almost 
every  enterprise.  In  general,  these 
applications  are  stable  but  inflexible, 
expensive  and  difficult  to  maintain.  How 
expensive?  According  to  Gartner,  between 
60  percent  and  80  percent  of  an  average 
company’s  IT  budget  is  spent  on  maintain¬ 
ing  existing  mainframe  systems  and  the 
applications  that  run  on  them.  Maintenance 
of  legacy  software  is  complicated  by  the  fact 
that  the  number  of  programmers  who  know 
how  to  handle  former  standards  such  as 
Cobol  is  shrinking  with  each  passing  year. 

Though  not  every  legacy  application 
needs  a  complete  overhaul,  the  harsh  reality 
is  that  all  legacy  systems  at  least  must  be  Web- 
enabled  if  a  business  is  to  grow  and  remain 
competitive,  says  PacifiCare’s  Fitzpatrick,  sen¬ 
ior  vice  president  and  CIO  of  the  $12  billion 
Santa  Ana,  Calif. -based  company.  Fitzpatrick 
plans  to  migrate  from  three  disparate  legacy 
software  systems  to  a  single,  Web-enabled 
platform,  which  she  hasn’t  yet  chosen. 

“Right  now,  cost  efficiency  is  key,”  she 
says.  “Maintaining  and  trying  to  integrate 
multiple  software  platforms  becomes  expen¬ 


sive  over  time.  There’s  a  great  business  need 
for  companies  to  strive  to  provide  increased 
service  levels  to  customers.  Web  capabilities 
are  the  path.” 

The  project’s  expected  ROI  stems  in  part 
from  the  projected  decrease  in  maintenance 
costs  of  the  new  system  compared  with  the 
legacy  system,  she  says.  Also,  by  linking  to 
the  Web,  Fitzpatrick  can  put  her  company  in 


closer  contact  with  its  constituents — doctors, 
hospitals  and  employers — and  decrease 
administrative  costs. 

“The  most  important  justification  for 
beginning  this  kind  of  project  is  the  business 
need,”  says  Bruce  Fadem,  vice  president  and 
CIO  of  American  Home  Products,  a  $13.3 
billion  global  pharmaceutical  company 
based  in  Madison,  N.J. 

Because  legacy  applications  are  so  tightly 
tied  to  the  way  a  company  functions,  the 


health  and  flexibility  of  those  applications 
directly  affect  the  business’  ability  to  grow. 

“The  time  is  right  for  modernization 
because  the  attempt  to  marry  the  worlds  of 
legacy  and  e-business  has  reached  the  point 
of  pain,”  says  Tyler  McDaniel,  an  analyst 
with  the  Hurwitz  Group,  an  IT  consultancy 
in  Framingham,  Mass.  “If  you  wait  to  mod¬ 
ernize,  you’ll  continue  to  suffer  conse¬ 


quences  such  as  errors,  delays  in  processing 
and  fulfillment  lags.  These  are  things  that 
will  drive  your  company  out  of  business.” 

YOU  ARE  YOUR  LEGACY  SYSTEM 

efore  beginning  any  kind  of  modern¬ 
ization  or  migration  project,  business 
and  IT  executives  must  understand 
exactly  what  their  legacy  systems  do  and 
whether  the  way  the  systems  work  actually 
reflects  the  business  strategy,  McDaniel  says. 

“It’s  a  huge  mistake  to  jump  into  migra¬ 
tion  on  a  per-project  basis  just  to  see  where  it 
leads,”  he  says.  “Develop  a  vision  of  where 
you  want  your  architecture  and  infrastructure 
to  be  in  two,  four,  six  and  eight  years.  Assess 
what  skills  are  available  and  know  what 
your  investments  are  right  now  in  develop¬ 
ment  versus  maintaining  legacy  applications. 
Does  the  existing  system  map  the  key  busi¬ 
ness  processes  that  are  critical  to  success? 
That’s  where  you  must  start.” 

David  R.  Guzman,  senior  vice  president 
and  CIO  of  Glenallen,  Va. -based  maker  of 
medical  and  surgical  supplies  Owens  & 
Minor,  did  just  that.  His  legacy  systems 
were  configured  to  assume  that  Owens  & 
Minor,  with  $3.5  billion  in  revenues,  owned 
all  the  supplies  it  shipped  to  customers,  but 
the  company  was  evolving  toward  a  third- 


Between  60 


average  company’s  IT 
maintaining  existing  mainframe  systems 

run  on  them. 


58  CIO  MARCH  15,  2002  •  www.cio.com 


SOME  OPERATIONS  ARE  EASIER  WITH 


Deploying  and  operating  mission-critical  applications  with  high 
availability  and  timely  delivery  requires  agility,  people  productivity 
and  operational  effectiveness.  You  need  proven  technology,  successful 
production  processes  and  most  of  all,  TEAMWORK. 

With  25  years  of  JCL  technology  and  expertise.  Diversified 
Software  can  help  you  leverage  your  internal  resources  to  achieve 
operational  effectiveness  and  maintain  competitive  advantage. 

With  mission-critical  operation  demands,  wouldn't  life  be  easier  with 
a  proven  partner? 

To  receive  our  white  paper  "Best  Practices  for  JCL  Asset 

Management  -  for  the  successful  deployment  and 
operation  of  mission-critical  applications",  call 
1  -877-265-2675  or  1  -408-778-991 4,  or  visit 
www.diversifiedsoftware.com/operations 


Expertise  makes 
the  Difference 


Diversified 

Software 


©  Copyright  2002.  The  Diversified  Software  Systems  logo  is  a  registered  trademark  of  Diversified  Software  Systems,  Inc 


Cover  Story 


IT  Infrastructure 


party  logistics  distribution  model.  What 
Guzman  needed  was  a  system  that  allowed 
the  company  flexibility  in  distribution  meth¬ 
ods.  This  provided  the  business  rationale  for 
migrating  to  a  Web-based  platform. 

For  Roberts,  CIO  of  the  $763  million  San 
Francisco-based  PMI  Group,  his  legacy  sys¬ 
tem’s  ability  to  support  customer  demands 


was  “questionable.”  The  back-office  systems, 
which  included  claims  payment,  billing  and 
policy  maintenance,  were  12  to  15  years 
old.  According  to  a  1996  study  commis¬ 
sioned  by  PMI  (one  year  before  Roberts 
arrived),  the  cost  of  modernizing  the  com¬ 
pany’s  legacy  systems,  estimated  to  be  about 
$20  million  (see  “Modern  Math,”  Page  58), 


was  less  than  the  estimated  cost  of  the 
potential  service-related  failures  that  could 
result  if  the  systems  were  left  in  place. 

At  that  time,  PMI  staff  in  both  the  IT 
department  and  the  policy  servicing  depart¬ 
ment  were  spending  hours  cross-referencing 
customer  data  between  the  legacy  systems 
and  the  separate  policy  systems.  As  the  two 
systems  didn’t  talk  to  each  other,  there  was 
always  the  risk  that  someone  might  miss 
something  during  the  manual  check. 

“It  was  only  a  matter  of  time,”  Roberts 
says.  “Everyone  knew  this  was  a  long-term 
problem  and  that  our  business  was  getting 
more,  not  less,  complex.” 

After  careful  analysis,  Roberts  determined 
that  the  database  underlying  his  systems 
wasn’t  inherently  flawed.  Fie  stuck  with  the 
AS/400  platform  and  is  rebuilding  his  back- 
office  applications  in  Java  and  RPG,  an 
AS/400-specific  programming  language.  He’s 
looking  at  several  legacy  migration  tools  that 
could  handle  translating  the  data  analytics 
processes  hidden  within  his  legacy  transaction 
processing  system,  but  he  has  not  decided 
yet  on  a  particular  tool.  (See  “Your  Mod¬ 
ernization  &  Migration  Toolkit,”  Page  62.) 

PMI’s  executive  board  members  knew  the 
legacy  system  was  a  problem,  but  they 
delayed  the  migration  project  in  order  to 
focus  on  getting  the  company’s  e-commerce 
strategy  in  place.  Once  that  was  complete 
in  late  1999,  Roberts  and  Kathy  Schroeder, 
vice  president  of  policy  management  systems 
and  the  project’s  business  sponsor,  got  to 
work  convincing  the  board  that  the  time 
was  right  to  tackle  the  migration.  And  one 
of  the  reasons  the  time  was  right,  they  said, 
was  that  the  cost  of  the  project,  estimated 
at  $20  million  in  1996,  had  come  down  in 
1999  to  an  estimated  $12  million. 

“The  board  knew  that  the  business  had 
changed  and  that  the  legacy  system  wasn’t 
built  to  deal  with  the  kind  of  claims  process¬ 
ing  and  transaction  products  we  had,” 
Roberts  says.  “They  knew  that  if  we  created 
a  new  product,  the  old  system  would  limit 
our  ability  to  roll  it  out.  We  had  to  make  it 
very  clear  that  waiting  any  longer  could 
really  hold  us  back.” 


PacifiCare  Health  Systems  CIO  Maria  Fitzpatrick  plans  to  migrate  from  three  disparate  legacy 
systems  to  a  single  Web-enabled  platform;  PMI  Group  CIO  Dan  Roberts  (below)  saw  the  esti¬ 
mated  cost  of  modernizing  his  legacy  system  drop  from  $20  million  to  $12  million  in  three 
years,  and  now  he’s  tool  shopping;  Owens  &  Minor  CIO  David  R.  Guzman  (bottom)  found  a 
migration  tool  that  would  uncover  the  business  processes  buried  in  his  old  Cobol-based  system 
and  turn  them  into  Web-ready  Java. 


PHOTO  LEFT  BY  ROBERT  BURROUGHS;  TOP  RIGHT  BY  JAY  WATSON:  BOTTOM  RIGHT  BY  DOUGLAS  WOODS 


Rockwell 

FirstPoint 

Contact 


& 


Arrivals 


«)w«rs 


087  LONDON/HUTHROV 

86!i  AMSTERDAM 

eu  mum 

126  BBT  PALM  8EACH 
430  FRAMKFURT 
350i  nu*mm 
(452  TAMPA 

124  Midi 

626  niim 

m  MILAM 
089  BRUSSELS 

955  MAJtOCSIW 


087  LONDON/fOTHROU 
m\  AMSTERDAM 
611  AMSTERDAM 
126  BBT  PAUI SACK 
430  flWBffisr 
3501  RAJKFiSf 
1452  TAMPA 
124  ZURICH 
626  MILAM 
7626  MSIAK 
089  BRUSSEtS 
955  WMCHBTER 


When  it  comes  to  intelligent 
customer  contact,  you  simply 
have  to  know  where  to  look. 


TZ 

8006 

DL 

8264 

AF  050 

LO 

001 

AA 

7491 

II 

4356 

UA 

949 

SE 

«.  i 

4  f? 

.  mas 

i 

Ai1b1 

J  £*  8  E*  I 

ifPiiSfi 

; 

lb 

1 

I- 

iissi ; 

■m 

i 

For  30  years,  Rockwell  FirstPoint  Contact  has  been  quietly  providing  intelligent  technology  for  leading 
companies  around  the  world.  If  you're  looking  to  enhance  customer  service  by  leveraging  your  investment 
in  CRM,  it's  time  to  take  a  new  look  at  the  industry  leader. 

Look  to  Rockwell  FirstPoint  Contact... where  intelligent  customer  contact  begins. 


1-800-416-8199 


www.rockwellfirstpoint.com 


Cover  Story 


IT  Infrastructure 


The  migration  was  approved,  the  money 
found.  Roberts  went  to  work  pulling  apart 
his  legacy  applications  in  October  2000.  He 
plans  to  finish  by  the  end  of  2003. 

SELLING  YOUR  CEO  ON 
LEGACY  MODERNIZATION 

merican  Home  Products’  legacy  sys¬ 
tem,  according  to  its  CIO,  was  ready 
for  the  junk  pile.  “We  were  dealing 
with  a  system  that  was  weak  in  function  and 
antiquated  in  platform,  and  to  redefine  our 
business  processes  we  had  to  reconfigure  the 
system.  It  was  that  simple,”  says  Fadem. 

When  multiple,  disparate  systems  begin 
slowing  a  company’s  growth,  it’s  time  to  take 
action,  no  matter  the  state  of  the  economy. 
But  first  the  executive  board  has  to  give  the 
thumbs-up.  And  when  times  are  tough,  sell¬ 
ing  infrastructure  projects  can  be  problematic. 

To  successfully  sell  a  large-scale  migration 
project  to  executive  leaders,  CIOs  must 
present  decisive  evidence  that  the  project  will 
save  money  and  strengthen  the  business. 

“You  have  to  fully  understand  the  bene¬ 


fits  of  migrating,  and  discuss  those  benefits 
from  a  business  perspective  by  showing  how 
the  project  ties  in  to  the  company’s  strategy,” 
says  A1  Biland,  CIO  of  Snap-On,  a  Kenosha, 
Wis.-based  power  tool  and  equipment  man¬ 
ufacturer  with  $2.1  billion  in  revenues. 
“That  can  be  by  making  the  company  more 
operationally  fit,  by  cutting  costs  or  by  gen¬ 
erating  profitable  growth.” 

When  Murray  became  CIO  of  New  York 
City-based  AIG,  no  one  knew  how  much 
money  the  $46  billion  financial  services 
company  was  spending  on  maintaining  its 
legacy  systems.  He  organized  a  total  cost  of 
ownership  study  that  served  as  a  benchmark 
for  the  cost  of  maintenance  and  illustrated 
how  much  AIG  could  save  in  terms  of 
money  and  efficiency  if  the  company 
migrated  to  a  Java-based  system.  The  figure 
Murray  came  up  with  got  the  attention  of 
his  executive  board.  (Murray  declined  to 
share  that  figure  with  CIO.) 

“I  told  them  that  we  could  be  saving 
30  percent  of  what  we  were  spending  on 
maintenance  if  we  moved  from  mainframe 


to  thin  client,”  he  says.  “Their  jaws  hit  the 
floor.  They  said,  ‘It  costs  us  that  much?’” 

Murray  presented  his  board  with  the  ROI 
of  migrating  over  a  five-year  period  and 
showed  how  the  project  would  increase 
employees’  efficiency  by  reducing  the  hours 
spent  on  manual  processes  and  maintenance. 
The  study  indicated  that  a  migration  would 
drastically  improve  AIG’s  speed  to  market 
and  its  customer  service.  That,  Murray  says, 
made  the  biggest  impression.  “The  executive 
team  liked  hearing  how  the  project  would 
improve  the  business,”  he  says.  “And  they 
gave  us  the  money  we  needed.” 

In  a  cost-cutting  environment,  the  theory 
that  migrating  now  will  provide  a  competitive 
advantage  later  needs  to  be  advanced  with 
caution,  says  Wayne  Kernochan,  managing 
vice  president  of  platform  infrastructure  at  the 
Aberdeen  Group,  a  consultancy  in  Boston. 

“CEOs  and  CFOs  have  to  look  at  the 
issue  in  both  the  short  and  long  term,” 
Kernochan  explains.  In  order  for  them  to 
believe  that  their  CIO  understands  their 
position,  the  CIO  must  acknowledge  that 


Your  Modernization  Migration  Toolkit 

What  your  partners  and  competitors  are  using  to  rebuild  or  replace  their  legacy  applications  right  now 


THIS  LIST  was  derived  from 
interviews  with  information 
executives  involved  in  large- 
scale  legacy  modernization 
or  migration  efforts. 

JACADA 

Product:  Interface  Server, 
Integrator  and  BPM 
Selling  point:  The  Interface 
Server  provides  a  universal 
interface  layer  between  new 
and  existing  applications.  The 
Integrator  and  BPM  integrate 
legacy  systems  with  CRM  and 
e-business  applications. 
Customers:  Boeing,  Delta 
Airlines,  Volvo 
URL:  www.jacada.com 


MICROFOCUS 
Product:  EnterpriseLink  with 
Component  Generator 
Selling  point:  Users  can  mine 
legacy  applications  for  busi¬ 
ness  rules,  integrate  with  new 
applications  or  put  a  new  Web 
front  end  on  their  legacy  appli¬ 
cations. 

Customers:  New  York  City 
Board  of  Education,  Ramada 
Express  Hotels,  ABC-TV 
URL:  www.microfocus.com 

RELATIVITY  TECHNOLOGIES 
Product:  RescueWare 
Selling  point:  The  tool  identi¬ 
fies,  isolates  and  repackages 
data  and  business  processes 


wrapped  up  in  old  code. 
Customers:  Charles  Schwab, 
National  City,  UBS  PaineWebber 
URL:  www.relativity.com 

SEAGULL 

Product:  Various  (BlueZone, 
Transidiom,  TTT,  WinJa) 

Selling  point:  The  software 
suite  allows  users  to  do  one  or 
all  of  the  following:  put  a  Web 
front  end  on  their  legacy  appli¬ 
cations  using  a  Web  emulator 
or  by  building  a  user  interface; 
turn  mainframe  applications 
into  Java  or  XML  components; 
translate  applications  into 
other  languages. 

Customers:  Portland,  Ore., 


Police  Bureau,  RLI,  U.S.  Secret 
Service 

URL:  www.seagullsw.com 

SEEC 

Product:  Mosaic  Studio 
Selling  point:  The  tool  mines 
legacy  applications  for  busi¬ 
ness  rules  and  uses  the  infor¬ 
mation  to  create  component- 
based  programs  in  Enterprise 
JavaBeans  or  XML. 

Customers:  Canada  Life 
International,  Nationwide 
Insurance,  Temple  University 
URL:  www.seec.com 

-S.K. 


62  CIO  MARCH  15.  2002  •  www.c/o.com 


V 


I 


... 


i 


\\  * 


-u 


p 


wM 


\ 


■m 


It's  about  perspective  At  Lockheed  Martin,  we  understand 


the  complex  interconnectivities  and  the  fragile  balance  between 
individuals  and  across  systems.  And  we’re  bringing  that  hard-earned 
knowledge  to  IT  outsourcing. 


* 


Case  in  point  :  The  U.S.  Chamber  of  Commerce,  the  world’s 
largest  non-profit  business  federation,  engaged  Lockheed  Martin 
to  upgrade  their  infrastructure  and  accelerate  system  implementation. 
The  resulting  collaboration  enabled  the  U.S.  Chamber  to,  not  only 
meet  their  financial  goals,  but  also  to  educate  their  staff  on  the  benefits 
of  using  IT  to  solve  business  problems. 


We  know  how  it  can  work.  Better,  faster,  stronger. 


wamm 


Lockheed  Martin.  Continuing  to  bring  our  30-year  heritage  of  big 
picture  thinking  and  detailed  focus  to  IT. 


LOCKHEED  MARTIN 

INFORMATION  TECHNOLOGY 


Z! 


www.  i  t .  lock  heed  mart  in  .com 


Cover  Story 


IT  Infrastructure 


that  needs  to  be  excised.  It's  not  a  choice.  If 


,  your 


iDAVlP  R.  .GUZMAN,  SENIOR  VP  AND  CIQ,  OWENS  &  MINOR 


your 
to  change.” 


the  ROI  of  infrastructure  modernization  will 
not  immediately  be  realized  even  as  he 
demonstrates  that  spending  now  will  reduce 
maintenance  costs.  At  the  same  time,  the 
CIO  can  argue  that  “once  we’re  out  of  the 
downturn,  the  advantages  of  revamping 
business  practices  now  will  become  very 
clear,”  says  Kernochan. 

Plus,  the  pain  of  migration,  in  both  cash 
and  time,  is  not  what  it  once  was. 

SO  YOU  THINK  YOU 
KNOW  MIGRATION 

ight  or  nine  years  ago,  there  were  few 
options  for  migrating  or  renovating 
applications.  CIOs  could  either  re¬ 
build  or  replace  software  systems,  and  either 
choice  was  extremely  time-consuming  and 
expensive. 

In  1992,  Snap-On’s  Biland  decided  to  get 
rid  of  the  Cobol-based,  homegrown  IBM 
mainframe  applications  that  his  company 


relied  on  and  replace  them  with  a  Baan  plat¬ 
form.  “We  had  green-screen  terminals  and 
not  a  lot  of  functionality,”  Biland  recalls. 
“The  legacy  applications  didn’t  give  us  the 
level  of  detail  around  inventory  and  trans¬ 
action  data  that  we  needed.” 

Six  years  and  millions  of  dollars  later,  the 
new  platform  was  in  place. 

Today,  businesses  have  more  options  than 
replace  or  rebuild.  There  are  tools  that  can 
do  anything,  from  delving  into  legacy  data, 
plucking  out  relevant  business  rules  and 
rewriting  them  in  Java  or  XML,  to  attaching 


a  Web  front  end  on  to  an  intact  legacy  data¬ 
base,  and  everything  in  between.  The  tools 
are  fast  and  relatively  cheap,  particularly 
compared  with  the  cost  of  migrating  an 
enterprise  to  an  ERP  platform. 

Owens  &  Minor’s  Guzman,  for  example, 
had  no  desire  to  go  through  an  ERP  imple¬ 
mentation.  “ERP  projects  take  too  long, 
they  generally  don’t  turn  out  well,  and  they 
cost  too  much,”  he  says.  But  something 
needed  to  be  done  with  the  cumbersome, 
multilayered,  15 -year-old  applications  that 
contained  the  contracts  and  pricing  systems 


It's  true!  The  numbers  are  in  and  it  all  adds  up.  Unicenter,  the 
global  leader  in  infrastructure  management  solutions,  can  deliver 
a  whopping  663%  ROI.  Just  ask  IDC.  It's  right  there  in  their 
recent  white  paper.  And,  because  Unicenter  is  now  modular,  you 
can  buy  just  the  pieces  you  need,  just  when  you  need  them. 


Unicenter' 

Infrastructure  Management 
663%  Return  on  Investment 


64  CIO  MARCH  15.  2002  •  www.cio.com 


for  the  company.  To  upgrade,  Guzman 
couldn’t  go  to  the  original  vendor — 
KnowledgeWare — because  it  was  out  of 
business.  And  Owens  &  Minor’s  heavily 
customized  applications  ran  OS/2,  which 
IBM  no  longer  supports. 

“Legacy  applications  are  a  cancerous  prob¬ 
lem  that  needs  to  be  excised,”  Guzman  says 
dramatically.  “It’s  not  a  choice.  If  your  busi¬ 
ness  is  changing,  your  systems  have  to  change. 
We  needed  the  ability  to  do  things  like  multi- 
currency  transactions  over  the  Web,  and  the 
old  system  was  completely  inflexible.” 

Still,  the  old  contracts  and  pricing  system 
contained  extremely  complex  business  rules 
and  mathematical  computations  that  were 

cio.com _ 

To  see  more  articles  on  LEGACY 
MODERNIZATION  AND  MIGRATION, 
go  to  www.cio.com/infrastructure. 


vital  to  Owens  &  Minor’s  dynamic  pricing 
methods.  The  legacy  system  set  a  separate, 
unique  price  for  every  product  for  every  sin¬ 
gle  Owens  &  Minor  client,  taking  into 
account  literally  dozens  of  factors.  Guzman 
didn’t  even  want  to  think  about  losing  that 
functionality.  So  he  took  a  gamble  on  a  tool 
by  Relativity  Technologies  that  promised  to 
uncover  the  vital  business  processes  buried 
in  the  old  system,  turn  them  into  Web-ready 
components  and  translate  the  Cobol  and 
CICS  into  Java. 

Guzman  tested  the  tool  on  three  master 
files  containing  EDI  maps  and  customer 
information.  Within  six  months,  the  test 
project  was  complete. 

“It  easily  would  have  taken  us  years  to 
modernize  via  hand-coding,”  he  says.  “And  it 
easily  would  have  cost  us  tens  of  millions  of 
dollars  to  go  with  SAP  or  Oracle.  So  far  we’ve 
spent  about  $1  million  on  this  project.” 

Guzman  is  taking  the  transformation  one 


step  and  one  application  at  a  time.  “We 
should  complete  the  whole  thing  within  1 8 
months  and  for  less  than  $5  million,”  he  says. 


NO  TIME  LIKE  RIGHT  NOW 


Modernizing  legacy  applications  is 
a  huge  task,  and  it  has  both  risks 
and  rewards.  It’s  easy  to  rely  on 
what  seem  like  stable  systems  and  hope 
they’ll  sustain  the  business  through  a  reces¬ 
sion.  But  these  systems  are  the  technical 
avatar  of  a  company’s  business  strategy,  and 
if  they  aren’t  updated,  the  business  will  begin 
tripping  over  its  own  virtual  feet.  Times  are 
tough,  but  breaking  a  few  proverbial  eggs 
now  could  put  your  company  10  steps  ahead 
of  the  competition.  And  that’s  priceless.  BOS 


Staff  Writer  Simone  Kaplan's  legacy  applications 
live  in  boxes  in  her  basement.  How  are  you  dealing 
with  yours?  Kaplan  can  be  reached  via  e-mail  at 
skaplan@cio.com. 


All  while  still  enjoying  the  benefits  of  pay-as-you-go  licensing.  So  there's 
no  better  way  for  your  company  to  realize  its  true  potential.  And,  if  you're 
the  CIO,  there's  no  better  way  for  you  to  realize  yours. 

To  read  the  white  paper,  just  go  to  ca.com/unicenter/roi. 


Computer  Associates™ 


HELLO  TOMORROW7 


M 


WE  ARE  COMPUTER  ASSOCIATES 


THE  SOFTWARE  THAT  MANAGES  eBUSINESS 


TM 


©2002  Computer  Associates  International,  Inc.  (CA).  All  trademarks,  trade  names,  service  marks,  and  logos  referenced  herein  belong  to  their  respective  companies. 
Source:  "Quantifying  The  Business  Value  Of  Infrastructure  Management:  An  Empirical  ROI  Study'.'  IDC,  2001. 


6  5 


www.cio.com  •  MARCH  15,  2002  CIO 


The  Truth 


The  real  threat  is  to 
critical  data,  not  to 
property.  That’s  what 
CIOs  should  be 
focusing  on. 

BY  SCOTT  BERINATO 


Marcus  Kempe, 
director  of  operations 
support  for  the 
Massachusetts  Water 
Resource  Authority: 
“To  us,  cyberterrorism 
is  a  lower-level 
threat.” 


PHOTO  BY  FURNALD/GRAY 


Cybersecurity 


Part  One 


Cyberterrorism 


t  is  a  crisp  winter  morning.  The  sun  rising  over  Boston  Harbor  blinds 
as  it  strikes  the  white  oil  drums  on  the  industrial  edge  of  Chelsea.  Marcus 
Kempe,  director  of  operations  support  at  the  Massachusetts  Water 


Resource  Authority  (MWRA),  is  showing  off  the  crescent-shaped 
bank  of  computers  that  control  the  flow  of  water  pumped  into 
2.5  million  faucets  across  eastern  Massachusetts  every  day. 

These  are  the  computers  that  would  have  to  be  hacked  in  order 
to  carry  out  a  cyberattack.  And  these  days,  most  of  Kempe’s  job 
involves  planning  against  such  an  eventuality.  But  he  is  not  particu¬ 
larly  worried  about  it. 

“You’re  talking  about  ridiculous  barriers,”  says  Kempe,  who  is  a 
25-year  veteran  of  the  MWRA  and  oversees  its  computer  infrastruc¬ 
ture.  “Could  a  computer  attack  get  us  to  a  high-consequence  event? 
Probably  not.” 

First,  Kempe  says,  a  hacker  would  have  to  worm  into  the  IT 
infrastructure.  Then,  he’d  have  to  hop  over  a  firewall  and  slip  into 
the  MWRA’s  SCADA  (supervisory  control  and  data  acquisition) 
system  (the  crescent-shaped  bank  of  computers)  through  one  of  two 
very  narrow  access  points.  Finally,  he  would  have  to  plant  surrepti¬ 
tious  code  that  would  allow  remote  control  of  the 
chemical  distribution  or  even  the  flow  of  water 
itself.  (To  learn  more  about  the  obstacles  a  hacker 
would  have  to  hurdle  at  the  MWRA,  read 
“Debunking  the  Cyberterrorist  Threat  to  Water 
Utilities,”  at  ivww.cio.com/printlinks.) 

“You’re  talking  about  three  hacks,”  says 
Kempe.  “To  us,  cyberterrorism  is  a  lower-level 
threat.” 

Since  Sept.  11,  it’s  been  almost  unpatriotic  to 


suggest  that  the  threat  of  cyberterrorism  is  anything  other  than  dire. 
But  CIOs  and  security  experts  are  beginning  to  challenge  the  assump¬ 
tion  that  a  hack  on  the  nation’s  critical  infrastructure  will  be  the 
next  big  terrorist  outrage.  In  fact,  cyberterrorism  may  not  be  nearly 
as  worrisome  as  some  would  make  it.  That’s  because  it  is  utterly 
defensible.  And  CIOs  can  play  a  crucial  role  in  the  defense. 

DEFINING  THE  THREAT 

s  was  the  case  with  so  many  New  Yorkers,  Sept.  11 
inspired  Ed  Cannon  to  get  involved.  Within  a  couple  of 
weeks  of  the  attack,  Cannon,  executive  vice  president 
and  CIO  of  the  global  marketing  communications  company  Grey 
Global  Group  in  New  York  City,  had  formed  the  Information  Civil 
Defense  Group  (ICDG).  He  envisions  ICDG  as  a  sort  of  neighbor¬ 
hood  watch  group,  where  the  neighborhood  is  the  private  sector’s 
critical  infrastructure  and  the  residents  are  concerned  CIOs.  ICDG 
will  stage  seminars  for  CIOs  and  work  with 
Washington  on  security  standards  around  criti¬ 
cal  infrastructure. 

So  far,  Cannon  has  100  volunteer  CIOs  and 
has  met  with  Richard  Clarke,  special  adviser  to 
the  president  for  cyberspace  security,  in  the  Office 
of  Homeland  Defense.  About  80  percent  to 
90  percent  of  critical  technology  infrastructure 
resides  in  the  private  sector,  and  that  puts  pri¬ 
vate  sector  CIOs  in  a  unique  position  of  leader- 


Reader  ROI 

►  Gain  a  clear  and  concise 
definition  of  cyberterrorism 

►  Learn  which  threats  are 
plausible  and  which  are  not 

►  Understand  what  the  threat 
of  cyberterrorism  means  to 
the  future  of  infosecurity 


See  "How  to  Plan  for  the  Inevitable”  on  Page  74  to  learn  how  to  respond  to  cyberterrorism. 

I 


www.cio.com  *  MARCH  15,  2002  CIO  67 


Cybersecurity 


Part  One 


ship.  They  run  the  systems  that  need  to  be 
protected  against  terrorist  threats. 

“We  CIOs  have  the  responsibility  for  man¬ 
aging  this,”  Cannon  says.  “We  have  a  real 
role  to  play.” 

The  first  order  of  business  is  defining 
cyberterrorism.  Since  Sept.  11,  threats  once 
considered  digital  aggravations  have  been 
tagged  cyberterrorist  provocations.  Sud- 


must  fulfill  two  criteria:  a  political  motiva¬ 
tion  and  a  destructive  result.  But  computer 
attacks  usually  satisfy  only  one:  the  motiva¬ 
tion.  It’s  far  more  difficult  to  cause  destruc¬ 
tion  with  computers.  If  phones  don’t  work, 
it’s  annoying,  perhaps  costly,  even  danger¬ 
ous,  but  not  in  and  of  itself  destructive.  Even 
the  most  often  cited  cyberterrorist  threat — 
shutting  down  the  Internet — is  that  really 


The  Spectrum  of  Cybermalfeasance 

Level  of  threat  to  national  security :  greatest  to  least 


1.  INFORMATION  WARFARE 
State-sponsored  use  of  computers  in 
military  action 

2.  INFORMATION 
COUNTERINTELLIGENCE 
State-sponsored  use  of  computers  to 
gain  knowledge  on  a  foe 

3.  CYBERTERRORISM 

Use  of  computers  to  cause  terror, 
death,  destruction  or  massive  economic 
turmoil,  often  by  a  party  not  affiliated 
with  any  state 

4.  CYBER  ORGANIZED  CRIME 

Use  of  computers  by  a  cartel-like  group 
for  the  purpose  of  stealing  or  traffick¬ 
ing,  usually  money 


5.  INFORMATION  VENDETTAS 
Use  of  computers,  usually  by  an  insider 
or  sanctioned  by  an  insider,  to  sabotage 
an  organization  to  create  public 
embarrassment  or  to  gain  at  the 
expense  of  that  organization 


6.  CYBERCRIME 

Use  of  computers  to  steal  money,  credit 
card  data  or  personal  information  for 
use  in  extortion  schemes  or  to  gain 
notoriety  as  a  hacker 


7.  CYBERHOOLIGANISM 
Using  computers  for  digital  vandalism 
and  low-level  destruction,  such  as  web¬ 
site  defacement,  virus  propagation  or 
“hacktivism”— that  is,  using  those  tools 
to  get  a  message  across 

°  °  SOURCE;  NIPC 


denly,  encryption  was  not  a  software  fea¬ 
ture  but  a  weapon  in  the  cyberterrorist’s 
arsenal.  Knocking  out  e-mail  was  cyberter¬ 
rorism.  One  widely  quoted  security  consul¬ 
tant  warned  of  the  threat  posed  by  the  fans 
on  computers,  which  can  “breathe”  and 
spread  deadly  bacteria.  Is  this,  then,  a  form 
of  “bio-cyberterrorism”?  The  term  lost  its 
meaning  as  it  stretched  to  keep  pace  with 
flights  of  anxiety. 

This  is  how  the  National  Infrastructure 
Protection  Center  (NIPC)  under  Director 
Ron  Dick,  a  key  figure  in  the  government’s 
infrastructure  protection  scheme,  defines 
cyberterrorism:  a  criminal  act  perpetrated 
through  computers  resulting  in  violence, 
death  and/or  destruction,  and  creating  terror 
for  the  purpose  of  coercing  a  government 
to  change  its  policies. 

So  to  qualify  as  cyberterrorism,  an  act 


destructive,  or  just  a  massive  inconvenience? 
Most  experts  believe  it’s  the  latter.  Very  few 
malicious  uses  of  technology  qualify  under 
Dick’s  definition  of  cyberterrorism. 

“It’s  a  bad  word.  Cyberterrorism  is  not 
terrorism  in  cyberspace  because  there  is  no 
terror  there,”  says  security  expert  Bruce 
Schneier,  CTO  and  founder  of  Counterpane 
Security  in  Cupertino,  Calif.  He  distinguishes 
between  the  term  cyberterrorism  and  what 
he  calls  “cyberhooliganism,”  which  would 
include  viruses,  website  defacement  and  so 
forth.  “Computers  can  be  a  vector  for  ter¬ 
rorism  just  as  the  mail  system  has  become  a 
vector  for  terrorism.  But  if  the  mob  goes  and 
shoots  up  a  convenience  store,  we  don’t  call 
that  terrorism.  Think  of  the  horrible  crimes 
we  don’t  call  terrorism,”  says  Schneier.  “So 
if  you  shut  down  the  Internet” — a  feat 
Schneier  and  others  warn  is  plausible  and  not 


unlikely — “yes,  it’s  a  huge  malicious  attack, 
but  it’s  not  terrorism.” 

Both  Schneier  and  Dick  agree  that  the 
definition  of  cyberterrorism  includes  two 
clear  subcategories  of  cyberterrorist  threats. 

1)  The  physical  infrastructure  threat:  com¬ 
promising  critical  systems  to  severely  affect 
critical  physical  infrastructure,  such  as  power 
grids,  water  and  sewer  systems,  dams,  hos¬ 
pital  equipment,  pipelines,  communications, 
global  positioning  satellites,  air  traffic  sys¬ 
tems  or  any  other  networked  system,  which 
would  result  in  death  and/or  destruction. 

2)  The  critical  data  threat:  compromising 
critical  computer  systems  to  steal  or  irre¬ 
versibly  damage  vital  data,  such  as  the  Social 
Security  database,  a  large  financial  institu¬ 
tion’s  records  or  secret  military  documents, 
which  would  result  in  death,  destruction 
and/or  catastrophic  economic  turmoil. 

Of  these  scenarios,  the  first — hacking  to 
terrorize  utilities — has  dominated  the  cyber¬ 
terrorism  dialogue.  But  are  these  systems 
really  networked,  and  if  they  are,  why  did 
companies  and  public  agencies  open  critical 
infrastructure  to  obvious  vulnerabilities? 

SEDUCED  BY  THE  WEB 

f  I  ^  o  answer  those  questions,  we  have 
to  go  back  and  look  at  how  infra- 

-JL.  structure  adapted  to  the  introduc¬ 
tion  of  computers.  In  the  1970s,  computers 
made  it  possible  to  network  command  and 
control  functions  of  systems  like  the  power 
grid  or  dams  or  communications  switches. 
Remote  control  was  considered  a  boon  to 
routine  maintenance;  it  created  new  efficien¬ 
cies.  Ironically,  it  was  also  deemed  a  good 
defense  against  terrorism;  the  government 
feared  onsite  attacks.  The  notion  that  some¬ 
one  could  manipulate  a  computer  to  affect 
infrastructure  was  considered  a  bit  of  science 
fiction. 

In  the  1980s  and  early  ’90s,  SCADA  sys¬ 
tems  matured  and  came  to  dominate  critical 
physical  infrastructure.  With  SCADA,  power 
companies  could  remotely  control  functions 
like  load  dispatching  (balancing  transformers 
so  that  no  one  power  station  gets  over¬ 
loaded).  Networked  SCADA  looked  like  the 


68  CIO  MARCH  15,  2002  •  www.cio.corr 


A  new  generation  of  higher-performing  business  applications  and  technologies  is  coming. 
But  you  can  get  ready  today,  by  always  choosing  PCs  powered  by  the  latest  Intel®  Pentium®  4 
processors — now  available  at  speeds  up  to  2.20  GHz.  It’s  performance  with  purpose. 
Visit  www.intel.com/info/pentium4  for  more  information. 


i  r 

H 


intel 


'02002  Intel  Corporation.  Intel,  (he  Intel  Inside  logo,  and  Pentium  are  trademarks  or  registered  trademarks  ol  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and 

othei  countries.  All  rights  reserved. 


Sept.  11  inspired 
Ed  Cannon,  executive 
vice  president  and  CIO  of 
the  Grey  Global  Group, 
to  get  CIOs  involved  in 
civic  defense. 


Cybersecurity  |  Part  One 

furure  of  utility  maintenance  and  control. 

The  Nuclear  Regulatory  Commission 
(NRC)  was  the  exception.  After  a  short  eval¬ 
uation,  the  NRC  decided  to  forbid  remote 
control  at  nuclear  plants.  Then  in  the  late 
’90s,  critical  utilities  were,  like  everyone,  bar- 
raged  by  consultants  promising  unprece¬ 
dented  cost  savings  through  the  Internet. 

Kempe  at  the  MWRA  recalls  meetings 
during  the  Web’s  headiest  days,  when  he  and 
his  staff  discussed  the  merits  of  opening  up 
his  systems  to  the  Internet.  “It  was  so  tempt¬ 
ing,”  he  recalled.  “It  looked  so  wonderful — 
the  cost  savings,  the  efficiencies.”  In  the  end, 
the  MWRA  resisted  temptation. 

Not  everyone  did.  Many  utilities,  partic¬ 
ularly  smaller  outfits,  and,  for  arbitrary  rea¬ 
sons,  power  companies,  embraced  the  Web. 
The  ones  who  dove  in  either  didn’t  recognize 
or  didn’t  care  at  the  time  that  they  were  also 
embracing  the  security  weaknesses  inherent 
in  the  public  network. 

Today,  there  remains  an  unsettling  lack  of 
understanding  about  just  how  safe  utilities 
are  from  cyberattack.  Even  NIPC  Director 
Dick  seems  to  have  no  idea  as  to  the  overall 
state  of  networked  infrastructure.  Asked  if  he 
knows  which  utilities  are  vulnerable,  Dick 
says,  “I  don’t  know  that  anyone  knows.” 

WHY  CYBERTERRORISM  IS 
NOT  WORTH  THE  WORRY 

This  much  is  known:  Some  critical 
computers  are  vulnerable.  In  1 997 
a  hacker  shut  down  control  tower 
services  at  the  Worcester,  Mass.,  airport.  The 
incident  didn’t  cause  any  accidents,  though 
service  was  affected.  Three  years  later,  a 
General  Accounting  Office  report  suggested 
the  Federal  Aviation  Administration  com¬ 
puters  were  vulnerable.  And  in  Maroochy 
Shire,  Australia,  in  April  2000,  a  disgrun¬ 
tled  consultant-turned-hacker  compromised 
a  waste  management  control  system  and 
loosed  millions  of  gallons  of  raw  sewage  on 
the  town. 

The  hacker  had  deep  knowledge  of  the 
system,  and  he  had  stolen  sewage-control 
software  on  his  laptop.  He  spent  two  months 
getting  into  the  system  from  the  outside. 


The  good  news — besides  the  lack  of 
human  casualties  (marine  life  died) — is  it 
took  this  former  insider  46  tries  to  unleash 
the  waste;  the  bad  news  is  that  those  man¬ 
aging  this  critical  infrastructure  missed  his 
first  45  attempts. 

It  wasn’t  cyberterrorism.  But  even  so, 
many  view  the  cyberterrorist  threat  to  com¬ 
puter  infrastructure  as  largely  implausible. 

Why?  For  one,  experts  say  terrorism  is 
like  lightning.  It  takes  the  path  of  least  resis¬ 
tance  to  its  end.  And,  right  now,  it’s  easier 
to  blow  something  up  than  to  figure  out 
how  to  damage  it  by  hacking  into  and 
manipulating  a  computer  system. 

Take  the  MWRA.  After  Sept.  1 1,  Kempe’s 
first  order  was  not  to  lock  down  computers; 
it  was  to  erect  Jersey  barriers,  weld  manhole 
covers  and  call  in  the  National  Guard. 
Terrorists  want  to  make  an  immediate 
impact,  and  cyberterrorism  is  largely  quiet. 

“Terrorists  need  to  make  a  big  splash,  to 
draw  headlines,”  says  Mike  Hager,  vice 
president  of  security  at  Oppenheimer  Funds 
in  Engelwood,  Colo.,  who  was  at  the  World 
Trade  Center  Sept.  11  and  escaped  after 


both  planes  hit.  “The  type  of  cyberterrorist 
attack  pulled  off  would  have  to  be  huge.” 
According  to  Hagar,  the  fact  that  a  hacker 
turned  some  lights  out  wouldn’t  convey  any 
terrifying  message.  “The  terrorists  [on  Sept. 
11]  could  have  hacked  into  the  power  sys¬ 
tem  of  the  World  Trade  Center.”  They 
didn’t,  because  that  wouldn’t  have  made  a 
statement. 

Security  expert  Rob  Rosenberger  feels 
much  of  the  rhetoric  about  cyberterrorism 
is  political  posturing  to  gain  funding.  “The 
information-war  people  say  this  cyberterror¬ 
ist  threat  is  out  there,  but  they  never  pro¬ 
vide  any  plausible  scenarios,”  says  Rosen¬ 
berger,  director  of  Vmyths.com,  an  inde¬ 
pendent  website  that  squelches  virus  myths 
and  general  computer  security  hysteria.  “I’m 
asking  for  reality,  and  I’m  not  getting  it.” 


THE  REAL  THREAT 

osenberger  fears  the  second  scenario 
far  more — cyberterrorist  attacks  that 
.destroy  critical  data.  And  he’s  not  the 
only  one. 

The  general  state  of  data  security  is  woe- 


PHOTO  BY  EDWARD  SANTALONE 


"Tallan  is  different  from  other 

TECHNOLOGY  FIRMS.  THEY  GET  THE 


job  done.  Period.” 


Most  of  our  client  comments  are  equally  flattering.  Why?  We  become  deeply  involved  in  clients’ 
businesses  -  delivering  software  development,  enterprise  infrastructure,  creative  design  and 
strategic  technology  direction.  Our  highly  skilled  project  teams  are  often  considered  to  be  valued 
members  of  clients’  IT  organizations.  Plus,  we  work  smarter  by  staying  on  top  of  the  best 
new  solutions  for  e-business/e-commerce,  data  warehousing,  supply  chain,  and  enterprise 
application  development.  The  result:  unmatched  client  satisfaction.  And  some  really  nice  quotes. 


Tallan 

Raise  Your  IT  IQ 


Call  us  to  discuss  your  next  project  at  1-877-9TALLAN 
Or  visit  www.tallan.com 


TALLAN  CLIENTS  INCLUDE: 


MMES&meu 


TALLAN  IS  A  REGISTERED  TRADEMARK  OF  TALLAN,  INC.  ALL  OTHER  TRADEMARKS  ARE  THE  PROPERTY  OF  THEIR  RESPECTIVE  HOLDERS 


Cybersecurity  |  Part  One 

ful,  again,  thanks  to  the  Web.  Despite  un¬ 
precedented  spending  on  security  in  the  past 
three  years,  more  hacks  than  ever  are  suc¬ 
cessful,  they  are  easier  to  create  and  carry 
out,  and  they  produce  ever  more  devastat¬ 
ing  results.  Most  of  those  threats  are  not 
through  disablement  but  rather  corruption: 
tricking  a  system  into  doing  the  wrong  tasks 
while  it  supposes  it’s 
working  normally. 

Parasites — tiny  com¬ 
puter  programs  that 
live  in  databases  and 
slowly  corrupt  the  data 
and  its  backups — 
could  wreck  a  crucial 
database  like  Social 
Security.  Or  a  hacker  could  penetrate  a  phar¬ 
macy  chain’s  network  or  hospital  database, 
causing  fatal  medical  errors  when  a  patient 
takes  a  prescription  drug.  If  you  want  to 
raise  hell  on  airlines,  you  hack  the  reserva¬ 
tion  system,  says  Schneier.  If  you  want  to 
cyberterrorize  airlines,  you  hack  the  weights 
and  measures  computers  that  control  planes’ 
fuel  and  payload  measurements. 

Such  “fringe  systems”  are  seen  as  the 
most  vulnerable  to  data  corruption.  “The 
threat  to  data  is  absolutely  more  of  a  con¬ 
cern,”  says  Hager.  “It’s  so  much  easier  to 
attack,  and  there  are  so  many  more  targets.” 

In  any  case,  the  threat  of  cyberterrorism 
is  deemed  most  plausible  as  a  supplement  to 
a  larger  terrorist  attack.  In  other  words,  we 
shouldn’t  think  about  cyberterrorism  as  the 
next  great  threat  after  the  physical  horror  of 
airplane  hijacking  and  the  biological  horror 
of  Anthrax.  Rather,  cyberterrorism  is  some¬ 
thing  smaller  that  will  be  used  to  amplify 
those  far  greater  horrors. 

“I  keep  going  back  to  Sept.  1 1  and  won¬ 
dering  how  bad  it  would  have  been  if  the 
Code  Red  worm  hit  at  the  same  time — the 
level  of  anxiety  and  panic  that  would  have 
caused,”  says  Grey  Global’s  Cannon.  “Hav¬ 
ing  e-mail  was  one  of  the  saving  graces  of 
that  day.” 

The  good  news  is  that  protecting  against 
any  security  threat  protects  against  cyberter¬ 
rorism.  Kenneth  Niemi,  CIO  of  the  Min¬ 


nesota  State  University  System,  learned  that 
recently  when  he  faced  a  two-and-a-half- 
week  employee  strike.  It  turned  into  a  de 
facto  antiterrorist  exercise.  Niemi  found  him¬ 
self  planning  a  defense  against  disgruntled 
employees  who  possessed  the  two  keys  to 
any  security  breach — knowledge  and  access. 

Niemi’s  greatest  takeaway  from  this  exer¬ 
cise  was  how  much 
physical  and  IT  secu¬ 
rity  should  and  can 
intersect.  (For  more 
information  on  this, 
read  “How  to  Plan  for 
the  Inevitable,”  Page 
74.)  Since  Sept.  11,  the 
trend  toward  combin¬ 
ing  aspects  of  IT  security  with  onsite  security 
has  accelerated.  “We  made  key  card  access 
enforceable  24  hours  a  day.  We  require  cer¬ 
tain  employees  to  take  their  laptops  home 
in  case  we  need  to  deal  with  a  situation 
remotely,”  Niemi  says. 

Niemi  also  formalized  the  process  of  reg¬ 
istering  guests  who  enter  his  building  and  is 
adding  computer  lab  surveillance. 

Cannon  has  also  tightened  physical  secu¬ 
rity  by  revoking  several  employees’  access 
to  the  data  center.  He  also  moved  many  con¬ 
soles  out  of  the  data  center,  all  in  an  effort 
to  reduce  traffic  near  critical  systems. 

The  MWRA  already  has  tight  integration 
of  physical  and  network  security.  To  begin 
with,  the  computers  are  in  a  locked  room, 
which  is  accessible  by  key  card  and  manned 
24/7.  Visitors  check  in  and  check  out  at  the 
front  desk,  and  after  visitors  leave,  their  host 
sends  a  memo  to  senior  management  detail¬ 
ing  the  visit. 

SCADA  connects  through  a  private  line 
(soon,  via  microwave)  to  pump  stations  and 
reservoirs.  If  something  goes  wrong  at  a 
water  facility,  an  alarm  sounds  both  onsite 

cio.com _ 

For  more  information,  visit 
www.cio.com/printlinks  and  check 

out  our  SECURITY  RESEARCH 
CENTER  at  www.cio.com/security. 


Very  few  malicious 
uses  of  technology 
actually  qualify 
as  cyberterrorism. 


and  at  the  SCADA  operations  centers.  The 
alarm  also  flashes  on  the  computers,  and  it 
can’t  be  shut  off  until  a  formal  acknowledge¬ 
ment  of  the  alarm  is  made  and  physically 
logged  by  a  person  with  clearance  to  do  so. 

“Roving  crews”  periodically  go  to 
MWRA  pump  stations  and  storage  sites  to 
check  the  integrity  of  the  facilities  and  their 
connection  to  the  control  computers.  Most 
of  the  sites  are  under  surveillance. 

“I  see  IT  and  these  physical  security  rules 
meshing  more  and  more,”  says  Cannon. 
“Especially  when  you  talk  about  disgruntled 
employees  and  screening.  But  it’s  a  fine  line. 
We  want  to  treat  employees  like  adults.  Cut 
off  too  much  access  and  you’re  saying  you 
don’t  trust  them.” 

Besides  meshing  physical  and  IT  security, 
two  other  measures  CIOs  can  take  are  to  get 
involved  and  share  information  with  each 
other.  Joining  Cannon  in  the  Information 
Civil  Defense  Group,  meeting  with  govern¬ 
ment  groups  like  the  National  Infrastructure 
Protection  Center,  raising  awareness  of  the 
cyberterrorist  threat  within  one’s  own  com¬ 
pany  and  opening  security  dialogues  with 
peers  are  all  important  steps  to  take. 

Six  months  after  the  Sept.  11  attacks, 
there’s  a  great  deal  of  optimism  among  tech¬ 
nology  professionals  about  their  ability  to 
deflect  the  cyberterrorist  threat. 

“[Awareness]  is  a  big  reason  for  opti¬ 
mism,”  says  Alan  Paller,  security  expert  and 
director  of  research  at  the  SANS  Institute  in 
Bethesda,  Md.  “The  operations  guy  is  get¬ 
ting  a  call  from  the  vice  chairman,  someone 
really  high  up,  who’s  asking  what  the  com¬ 
pany  is  doing  about  this  threat.  That  con¬ 
versation  has  never  happened  before. 
Underneath  there  are  still  a  lot  of  vulnera¬ 
ble  systems  out  there,  but  I  believe  cyberter¬ 
rorism  is  very  hard  to  pull  off. 

“My  newest  speech  is  about  this  topic, 
and  it’s  not  look  how  life  is  ending,’”  Paller 
adds.  “It’s  optimistic.  There  are  many  more 
reasons  for  optimism  now  than  there  were 
six  months  ago.”  BE! 


Got  any  cyberterrorism  stories  to  tell?  E-mail  Senior 
Writer  Scott  Berinato  at  sberinato@cio.com. 


72  CIO  MARCH  15,  2002  •  www.cio.com 


Here  are  three-hundred-eighty-nine- 

thousand-four-hundred  and  thirty-four  reasons  why  you'll  thank  HP  for  building  the 


Superdome  server.  That's  the  number  of 
transactions  per  minute  it  recorded, 
according  to  the  latest  TPC-C  benchmark 
results.  You'll  appreciate  how  much  more 
productive  you  can  be  with  a  UNIX®  server 
that's  76%  faster  than  IBM's  highest 
published  non-clustered  TPC-C  result.  That's 
fast  enough  to  satisfy  even  your  most 
demanding  IT  manager.  And  your  CFO 
will  relish  Superdome's  price/performance 
ratio  of  $21.24  per  transaction. 

HP's  Superdome  server  will  have 
you  handling  more  applications,  not  only 
faster,  but  more  reliably.  It's  designed 
with  your  always-on  Internet  infrastructure 
in  mind,  so  you'll  be  working  on  multiple 
projects,  across  multiple  platforms,  with 
ease.  Superdome  is  equipped  to  handle 
the  Intel®  Itanium™  processor  architecture, 
which  HP  co-developed.  This  breakthrough 
technology  blends  high  volume  with  high 
performance,  and  it  will  keep  you  poised 
for  seamless  upgrades.  We  could  give 
you  a  million  more  reasons.  But  why  take 
our  word  for  it?  Check  the  Top  500 
Supercomputer  Site  list. 

Infrastructure:  it  starts  with  you. 

Find  out  how  Superdome  is 
helping  Amazon.com  dramatically 
increase  their  performance.  Visit 
www.hp.com/large/ Superdome 
for  your  copy  of  The  HP  Superdome 
Advantage  resource  guide. 

Or  call  1  -800-HP-ASK-ME 


invent 


HP's  TPC-C  benchmark  of  389,434  transactions  per  minute  was  achieved  on  a  64-way  PA  8700  Superdome  running  Oracle9i  Database.  As  an  OLTP  system  benchmark,  TPC-C  simulates  a 
complete  environment  and  is  modeled  after  actual  production  applications  and  environments  rather  than  stand-alone  computer  tests  which  don't  evaluate  key  performance  factors  (for  example,  disk 
I/Os,  data  storage,  backup  and  recovery  user  interface,  and  communications).  Price  performance  of  $21 ,24/tpmC.  TPC-C  is  a  copyright  of  the  Transaction  Processing  Performance  Council.  Further 
TPC-C  information  is  available  from  http://www.tpc.org.  IBM's  TPC-C  result,  available  4/13/2001,  is  220,807  transactions  per  minute  running  on  a  IBM  P680  running  Oracle  8i,  with  price 
performance  of  $34. 1  8/tpmC.  Oracle  is  a  registered  trademark;  Oracle8i  and  Oracle9i  are  trademarks  or  registered  trademarks  of  Oracle  Corporation.  Itanium  is  a  trademark  of  Intel  Corporation. 
UNIX  is  a  registered  trademark  of  The  Open  Group.  Amazon.com  is  a  trademark  or  registered  trademark  of  Amazon.com,  Inc.  Total  system  availability  date,  May  15,  2002,  hardware  available 
now.  Limit  one  HP  Superdome  Advantage  resource  guide  per  customer.  Allow  6  to  8  weeks  for  delivery.  ©2002  Hewlett-Packard  Company.  All  rights  reserved. 


When  a  customer 
stumbled  upon  a  security 
breach,  Barry  Woolsey, 
CIO  of  Fleet  Credit  Card 
Services,  got  a  chance  to 
test  his  incident  response 
plan  in  real-time. 


How  to  Plan  for 


Think  you  can’t 
afford  to  create  an 
incident  response 
plan?  Think  again. 
Here’s  a  budget¬ 
conscious  guide 
to  getting  started. 

BY  SARAH  D.  SCALET 


> 


PHOTO  BY  DOMINIC  EPISCOPO 


Cybersecurity 


Part  Two 


the  Inevitable 


or  Barry  L.  Woolsey,  CIO  of  Fleet  Credit  Card  Services,  the 
first  public  test  of  his  plan  for  dealing  with  security  incidents  began  not 
with  a  hacker,  a  cyberterrorist  or  a  disgruntled  employee.  It  started 


when  a  curious  customer  logged  on  to  Mycard.Fleet.com  to  make  a 
credit  card  payment — and  inadvertently  discovered  a  security  hole 
that  would  earn  headlines  on  MSNBC.com  and  force  Fleet  to  shut 
down  its  site  for  five  hours. 

Logging  in  on  a  Friday  afternoon,  Jonathan  Bryce,  a  20-year-old 
online  operations  manager,  noticed  that  the  webpage  where  he 
accessed  his  credit  card  account  had  a  long  identification  number  in 
the  URL.  Wondering  how  Fleet  kept  track  of  transaction  history,  he 
entered  a  random  number.  To  his  shock,  he  pulled  up  someone  else’s 
transaction. 

“The  hole  allowed  you  to  see  people’s  personal  information,” 
says  Bryce,  who  works  for  Rackspace  Managed  Hosting  in  San 
Antonio.  “Mainly  it  was  nonsensitive  information,  but  there  were 
several  cases  where  it  was  personal  information 
like  Social  Security  numbers,  account  numbers 
and  addresses.” 

Alarmed  that  his  account  information  could 
be  compromised,  Bryce  called  the  customer 
service  line  at  Fleet.  After  being  transferred  sev¬ 
eral  times,  he  was  told  that  someone  would  call 
him  back  on  Monday. 

That  wasn’t  good  enough.  Bryce  called  the 
media,  and  hours  later  both  MSNBC.com  and 


The  Boston  Globe  online  had  picked  up  the  story. 

Behind  the  scenes  at  Fleet  Credit  Card  Services,  the  FleetBoston 
Financial  subsidiary  north  of  Philadelphia,  Bryce’s  phone  calls  and 
the  ensuing  media  coverage  set  in  motion  an  incident  response  plan 
long  in  the  making.  It  took  more  than  five  hours  from  the  time  Bryce 
called  Fleet  to  the  time  Woolsey  found  out.  So  while  Woolsey  is  gen¬ 
erally  happy  with  the  way  the  plan  unfolded,  he  acknowledges  that 
it  could  have  worked  better — a  whole  lot  better. 

At  least  Fleet  had  a  plan.  Throughout  most  of  the  business  world, 
incident  response  planning  is  one  of  those  best  practices  that  rarely 
gets  done.  That’s  because  of  its  vague  underlying  assumption: 
Something  could  go  wrong. 

Obviously,  prevention  is  key.  But  in  a  world  where  security  is  noth¬ 
ing  if  not  fallible,  knowing  how  to  respond  to 
a  security  incident — be  it  a  computer  worm, 
mistake,  hacker  or  the  mere  suspicion  of  a  prob¬ 
lem — can  save  a  company  time,  money  and 
even  its  reputation.  Indeed,  a  better  response 
from  the  customer  service  representatives  at 
Fleet  could  have  kept  the  problem  from  mak¬ 
ing  headlines  in  the  first  place. 

Nevertheless,  the  sad  fact  is  that  Fleet  han¬ 
dled  the  situation  better  than  many  companies 


Reader  ROI 

►  Read  about  the  real-life  test 
of  an  incident  response  plan 

►  Learn  why  incident  response 
planning  is  worth  all  the  pain 

►  Find  out  how  planning  ahead 
can  save  time,  money  and 
your  reputation 


See  “The  Truth  About  Cyberterrorism”  on  Page  66. 


www.cio.com  •  MARCH  15,  2002  CIO  75 


Cybersecurity  |  Part  Two 


could  have.  Outside  of  the  heavily  regulated 
health-care  and  financial  services  industries, 
experts  say,  few  companies  are  prepared  to 
deal  with  isolated  security  incidents,  let 
alone  calculated  attacks  from  organized 
crime  or  even,  perhaps,  cyberterrorists.  (For 
more  on  this,  read  “The  Truth  About  Cyber¬ 
terrorism,”  Page  66). 

“There’s  only  now  the  beginning  of 
awareness  that  this  thing  is  needed,”  says 
Jay  Ehrenreich,  senior  manager  in  the  cyber¬ 
crime  prevention  and  response  group  at 
PricewaterhouseCoopers  in  New  York  City. 
“Companies  do  come  to  us  to  help  them 
develop  incident  response  plans,  but  lots  of 
times  it’s  only  after  they’ve  been  burned.” 

And  getting  burned  is  expensive.  Com¬ 
panies  have  spent  billions  of  dollars  recov¬ 
ering  from  malicious  worms  such  as  Nimda 
and  Code  Red.  And  in  a  2001  study  by  the 
Computer  Security  Institute  and  the  FBI, 
respondents  who  could  put  a  dollar  amount 
on  the  cost  of  a  security  breach  averaged 
more  than  $2  million  in  financial  losses. 

Not  everyone  has  to  learn  the  hard  way, 
though.  Here  are  the  steps  to  take  to  jump- 
start  the  process  with  less  time  and  effort 
than  you  might  expect. 

PULL  TOGETHER  A  TEAM.  As 
long  as  upper  management  is  seri¬ 
ous  about  security,  the  first  step  of 
incident  response  planning — pulling 
together  an  incident  response 
team — costs  next  to  nothing.  “Many  com¬ 
panies  envision  this  fully  dedicated,  highly 
paid  SWAT  team  doing  nothing,  waiting  for 
an  emergency,”  Ehrenreich  says.  “It’s  really 
not  that  way.  It’s  almost  like  a  volunteer  fire 
department,  where  people  have  other  duties, 
but  when  there’s  an  emergency  people  re¬ 
spond  to  it.” 

The  night  Fleet  learned  of  its  security 
breach,  Woolsey,  COO  Susan  Gleason  (who 
is  no  longer  with  the  company),  CEO  Patrick 
J.  Coll,  and  representatives  from  the  legal 
team,  communications  department  and 
FleetBoston  gathered  on  a  preestablished 
bridge  telephone  line  to  discuss  how  to  min¬ 
imize  the  damage  to  Fleet’s  customers  and 


its  reputation.  Meanwhile,  the  IS  team 
worked  to  analyze  the  security  breach,  find 
out  what  information  had  been  accessed  and 
fix  the  security  hole.  Based  on  the  IS  team’s 
findings,  the  fraud  de¬ 
partment  then  called 
customers  whose  per¬ 
sonal  information  had 
been  compromised. 

That’s  pretty  typical 
of  the  groups  that  need 
to  come  together  after  a 
security  breach,  al¬ 
though  some  organiza¬ 
tions  would  have  added 
human  resources  to  the 
mix.  The  list  of  team 
members  can  get  long, 
but  not  everyone  needs 
to  be  involved  with 
every  situation.  Also, 
some  people  are  responsible  for  fixing  the 
problem;  others  just  need  to  know  what’s 
happening.  The  incident  response  group  will 
be  closely  aligned  with  or  perhaps  even  the 
same  as  the  business  continuity  or  disaster 
recovery  teams. 

Once  team  members  know  their  role,  a 
project  manager  should  create  a  list  with 
multiple  ways  to  contact  team  members 
24/7.  The  list  should  also  include  contact 
information  for  security  vendors,  Web  host¬ 
ing  companies  and  other  relevant  technol¬ 
ogy  providers,  and  it  should  be  available  in 
hard  copy  at  every  business  location  and  at 
people’s  homes.  The  need  for  that  last  rec¬ 
ommendation  was  painfully  illustrated  on 
Sept.  11. 

COORDINATE  YOUR  EFFORTS. 
The  plan  can’t  stop  with  that 
group.  As  the  Fleet  example  illus¬ 
trates,  everyone  across  the  organi¬ 
zation — right  down  to  the  newest 
person  at  the  call  center — needs  to  know  how 
to  react  to  a  potential  security  breach.  That’s 
why  there  needs  to  be  a  centralized  way  to 
report,  respond  to  and  track  incidents. 
Customer  service  representatives  need  to 
know  who  to  call  about  a  problem;  security 


employees  need  to  know  when  to  call  the 
CIO;  the  CIO  needs  to  know  when  to  call 
the  CEO;  and  someone  needs  to  track  what’s 
going  on  organizationwide  so  that  different 
business  units  can  pre¬ 
pare  for  attacks.  “A  good 
bit  of  incident  response 
is  coordination,”  says 
David  Nelson,  deputy 
CIO  at  NASA,  who’s  in 
charge  of  the  agency’s  IT 
security.  “You  want  to  be 
sure  that  the  right  people 
have  the  right  informa¬ 
tion  at  the  right  time.” 

A  security  incident  at 
any  of  NASA’s  centers  is 
first  reported  to  an  on¬ 
site  IT  security  manager. 
The  incident  is  put  into 
one  of  seven  categories 
ranging  from  a  legitimate  user  misusing  the 
system  to  an  access  problem  in  which  a 
hacker  has  obtained  the  password  of  a  sys¬ 
tems  administrator.  Anything  deemed  seri¬ 
ous  is  reported  immediately  to  the  central¬ 
ized  NASA  Incident  Response  Center 
(NASIRC),  which  shares  this  information 
with  Nelson.  If  the  incident  could  be  crimi¬ 
nal  in  nature,  NASA’s  inspector  general’s 
office  also  gets  involved. 

During  large-scale  attacks  such  as  the 
Code  Red  worm,  NASIRC  sets  up  a  confer¬ 
ence  call  with  IT  security  managers  from  all 
the  centers.  “We  would  in  real-time  go  over 
what’s  happening,  what’s  the  damage, 
what’s  being  done,  and  do  we  have  to  take 
any  extraordinary  measures  to  protect  our¬ 
selves,”  Nelson  says.  “If  we  didn’t  have  [this 
system]  in  place,  we’d  be  like  sitting  ducks 
without  any  means  of  finding  out  that  the 
hunters  are  shooting  at  us.  Our  experience 
is  that  any  substantial  attack  hits  a  lot  of 
computer  systems  or  IP  addresses  or  places 
almost  simultaneously,  and  so  early  aware¬ 
ness  can  help  us  take  appropriate  measures 
before  we’re  all  dead.  That  first  gun  goes  off, 
and  all  the  ducks  fly  out — maybe  one  got 
killed,  and  we’re  sorry  about  that,  but  the 
rest  of  them  are  all  alive.” 


Everyone  in 
your  company- 
right  down  to 
the  newest  person 
at  the  call  center- 
needs  to  know 
how  to  react 
to  a  potential 
security  breach. 


76  CIO  MARCH  15,  2002  •  www.cio.com 


Taking  cost  out  of  your  business, 
re  important  today  than  ever  before 


effectively  address  critical  organizational  goals  and 
challenges. 

But  it  is  our  product  reliability  coupled  with  a 
responsive  nationwide  support  and  service  network 
that  has  companies  like  yours  putting  Brother  laser 
printer  solutions  at  the  top  of  their  requisition  lists. 

Brother's  Commercial  Division  welcomes  the 
opportunity  to  put  our  resources  to  work  for  you. 
Contact  us  today  so  we  can  show  you  how  we  can 
positively  impact  your  bottom  line  while  enhancing 
your  performance. 

For  more  information,  call  1-866-455-7713,  ext.  905 


That's  why  Brother's  Commercial  Division  is  com¬ 
mitted  to  providing  superior  and  reliable  business 
printers  that  increase  productivity  while  reducing 
costs.  This  enables  businesses  like  yours  to  more 


Multi-Function  Solutions 


Color  Laser  Solutions 


At  your  side 


ru  yuui  siuc. 

brother 


©2002  Brother  International  Corporation,  Bridgewater,  NJ  •  Brother  International  Corporation,  Nagoya.  Japan 

For  more  information  please  call  the  Brother  Fax-Back  System  at  800-521-2846  or  visit  our  web  site  at  www.brother.com 


Fax  Solutions 


Desktop  Laser  Solutions 


Network  Printer  Solutions 


Cybersecurity 


Part  Two 


GRANT  AUTHORITY.  One  of 
the  most  political  parts  of  incident 
response  planning — but  one  that 
can  save  precious  time  if  an  attack 
is  successful — is  deciding  ahead  of 
time  who’s  in  charge  of  incident  response 
and  which  people  could  pull  the  plug  on  the 
website  or  network  if  need  be.  But  the  fact 
that  some  people  high  on  the  corporate  food 
chain  have  to  relinquish  control  causes  fric¬ 
tion,  says  Rebecca  Bace,  a  National  Security 
Agency  alum  who  wrote  Intrusion  De¬ 
tection.  Unfortunately,  there  simply  might 
not  be  time  to  contact  everyone. 

“The  velocity  of  [an  intrusion]  proceeds 
in  seconds  or  minutes,  rarely  hours.  If  man¬ 
agement  wants  people  to  be  able  to  respond 
effectively  to  quick-moving  attacks,  they’ve 
got  to  empower  them  to  shut  certain 
portions  of  the  system  down,”  says  Bace, 
who  is  now  a  faculty  member  for  The 
Institute  for  Applied  Network  Security  in 
Waltham,  Mass. 

The  Georgia  Student  Finance  Commission 
in  Tucker,  Ga.,  learned  that  the  hard  way — 
but  in  slow  motion.  Bill  Spernow,  the  com¬ 
mission’s  new  chief  information  security  offi¬ 
cer  (CISO),  was  hired  after  a  public  security 
snafu  in  which  personal  information  about 
HOPE  scholarship  recipients  was  disclosed 
on  the  Internet.  The  organization  was  pain¬ 
fully  slow  in  responding  to  the  breach, 
caused  by  a  technical  error,  because  there 
was  no  one  in-house  who  could  take  control 
of  the  situation  and  shut  down  the  website. 
Now  Spernow  is  in  control. 

“You  can  do  this  [incident  response  plan¬ 
ning]  on  the  cheap  as  long  as  senior  man¬ 
agement  has  come  to  the  decision  that  they’re 
going  to  delegate  this  to  one  person  who  can 
make  a  decision,”  says  Spernow,  a  former 
Gartner  analyst  who  says  he  took  the  job  be¬ 
cause  he  wanted  to  apply  his  advice  in  the 
real  world.  “That  will  always  be  the  biggest 
bottleneck  whether  you’re  a  Mom  and  Pop 
or  a  Fortune  100.  It  ends  up  being  a  very 
intense  political  discussion  that  brings  in  lots 
of  fears  and  control  issues.  And  once  you’ve 
done  that,  you’ve  handled  60  percent  of 
the  problem.” 


Cybersecurity— Cost  and  Effect 

Here  are  the  technologies,  processes  and  strategies  that  will  help  you 
run  an  airtight  system  and  give  you  the  most  for  your  security  dollar 

WHAT  YOU  CAN  DO 

WHAT  YOU  CAN  EXPECT 

Install  basic  hardware  and  software: 
firewalls,  antivirus  programs, 
passwords,  etc. 

Cost:  $$$  Security  rating:  6  6 

Basic  protection.  Despite  the  expense  of 
your  initial  investment,  you  can’t  ignore 
these. 

Buy  advanced  hardware  and  software: 
encryption,  token  authentication,  digital 
certificates  and  signatures,  keystroke 
loggers,  etc. 

Cost:  $$$  Security  rating:  666 

These  offer  far  more  security  than  the 
basics,  and  you  pay  for  it. 

Hire  or  train  programmers  to  write 
security  code. 

Cost:  $$$$  Security  rating:  6  6  6 

Technical  expertise  is  the  rarest— and  most 
expensive— IT  talent.  But  having  these 
minds  around  is  crucial. 

Hire  or  reassign  staff  to  create  and 
enforce  security  policies. 

Cost:  $$  Security  rating:  6  6  6 

Helps  secure  your  everyday  operations. 

Dedicate  one  staffer  to  ongoing 
maintenance  of  security  systems. 

Cost:  $  Security  rating:  6  6  6  A 

This  is  a  low-cost,  highly  cost-effective  way 
to  improve  security. 

Educate  your  staff  and  promote 
awareness  companywide. 

Cost:  $  Security  rating:  6  6  6  6 

Another  low-cost,  highly  effective  way  to 
immediately  improve  security. 

Schedule  regular  virus  and  patch 
upgrades,  firewall  reconfiguration,  PC 
security  audits,  etc. 

Cost:  $$  Security  rating:  666 

Although  this  often  requires  software  or 
services  to  automate  the  updates,  it's  well 
worth  the  cost  to  make  sure  critical 
updates  don’t  fall  by  the  wayside. 

Conduct  regular  security  and  penetration 
audits  or  assessments. 

Cost:  $$$$  Security  rating:  666 

Expensive  but  necessary.  White  Hat 
hackers  will  give  you  detailed  reports  of 
your  security  landscape  and  suggest  ways 
to  improve  the  view. 

Pay  consultants. 

Cost:  $$$  Security  rating:  6  6 

Security  consulting,  while  often  required 
for  projects  or  for  insurance,  is  expensive. 

It’s  also  hard  to  find  consultants  who  have 
both  technical  and  business  expertise. 

Outsource  your  worries. 

Cost:  $$$$  Security  rating:  6666 

Outsourcing  is  quite  expensive,  but  it 
includes  service  guarantees  that  the  enter¬ 
prise  will  remain  secure  no  matter  what. 

78  CIO  MARCH  15,  2002  •  www.cio.com 


Too  many  users. 


Too  many  incompatibilities. 
Too  little  bandwidth. 

Too  many  different  providers. 


Verizon  Integrated  Data  and  Voice  Networking  Solutions. 


Verizon  has  the  integrated  networking  infrastructure  solutions  to  move  your  business  ahead. 


Like  a  lot  of  businesses  these  days,  your  communications  infrastructure  -  voice,  data,  Internet  -  is  your  lifeline. 
Reliability,  responsiveness  and  seamless  network  integration  are  more  critical  to  you  than  ever.  Equally  critical  is 
the  provider  you  rely  on  to  get  you  there.  All  the  more  reason  to  consider  Verizon. 

The  World-Class  Network®  from  Verizon  offers  small  businesses  powerful  voice  and  data  solutions,  like  Frame 
Relay,  dedicated  Internet  access,  ISDN  PRI,  ATM,  and  Channelized  T-1  -  solutions  that  you  can  leverage  to  keep  your 
business  one  step  ahead  of  the  competition. 

You  also  have  the  comfort  of  dealing  with  a  highly  reliable  provider  and  knowledgeable  representatives  who  can 
help  customize  an  integrated  communications  solution  that  is  built  around  your  business’s  specific  needs. 

To  get  a  free  consultation  on  how  Verizon’s  integrated  network  solutions  can  help  move  your  business 
ahead,  and  to  learn  more  about  our  limited-time  promotional  offer,  either  call  1-800-483-6796  or  visit  us  at 
verizon.com/smallbiz/datasolutions14. 


Limited-Time  Offer: 

$1 ,000  off  Cisco®  Router 
(Up  to  62%  Savings) 

No  Upfront  Costs 

When  you  sign  up  for  Frame  Relay 
and  a  two-year  dedicated  Internet 
access  term  by  4/30/02. 


Call  1-800-483-6796  or  visit  verizon.com/smallbiz/datasolutionsf4 


vemon 


©  2002  Verizon.  Cisco  is  a  registered  trademark  of  Cisco  Systems.  Inc.  Dedicated  Internet  service  provided  by  Verizon  Online  and  offer  available  to  new  business  customers  only  who  sign  up  for  Internet  access  and 
Frame  Relay  service  by  4/30/02.  Early  termination  fees  apply,  including  equipment  fee  equal  to  remaining  balance  owed  on  router.  Cost  of  router  (retail  value  $1 ,600— $3,300)  to  be  spread  over  minimum  two-year  term 
commitment  only  with  no  service  charge.  Rebate  redeemed  through  Verizon  Reward  Center.  Instructions  for  claiming  rebate  will  be  provisioned.  Services  not  available  to  all  areas  or  locations  and  are  subject 
to  circuit  availability.  Monthly  price  includes  separate  Global  Services  Provider  fees,  where  applicable.  Additional  fees  may  apply.  All  terms  are  subject  to  change. 


Cybersecurity 


Part  Two 


READY  YOUR  IT.  RESOURCES 
AHEAD  OF  TIME.  No  doubt 
about  it,  the  technical  aspect  of 
intrusion  response  is  the  most 
complicated  part.  The  IS  team  or 
an  outsourced  monitoring  service  has  to  be 
able  to  identify  problems  when  they  do 
occur — by  examining  logs  for  unusual 
behavior,  looking  for  vulnerabilities,  watch¬ 
ing  for  faulty  configurations  and  monitor¬ 
ing  intrusion  detection  systems,  which  can 
generate  a  tremendous  number  of  false  pos¬ 
itives.  “You  have  to  know  when  someone’s 
attacking  you  because  if  you  don’t  know, 
you  can’t  do  anything.  And  that’s  the  hardest 
part,”  says  Michael  Young,  CISO  and  vice 
principal  of  State  Street  Global  Advisors 
in  Boston. 


Once  a  problem  is  identified,  IT  staffers 
need  to  be  able  to  look  at  system  logs  and 
analyze  exactly  what  happened.  Finding  and 
preserving  evidence  is  the  key  to  fixing  a 
problem  and  keeping  it  from  happening 
again.  Also,  knowing  exactly  which  files 
were  compromised  will  help  a  company 
ensure  data  integrity  and  figure  out  which 
customers,  employees  or  business  partners 
may  be  affected.  (To  learn  more  about  com¬ 
puter  forensics,  read  “IT  Autopsy,”  March  1, 
2001,  available  at  www.cio.com/printlinks.) 

Whether  this  can  be  done  in-house  or 
needs  to  be  outsourced  depends  on  the  size 
of  the  company,  how  attractive  a  target  it  is 
to  hackers  and  how  sensitive  its  information 
is.  As  a  general  rule,  the  more  crucial  and 
extensive  a  company’s  information  assets, 


Bill  Spernow,  chief  infor¬ 
mation  security  officer  of 
the  Georgia  Student  Finance 
Commission,  was  hired 
to  correct  an  embarrassing 
security  snafu. 


>  mgm 

vV 

m 

A  «■  .  JM 

cio.com 

For  more  information,  read  the 

“CIO  CYBERTHREAT  RESPONSE 
&  REPORTING  GUIDELINES”  at 

www.cio.com/printlinks.  Included  are: 

■  SPECIFIC  GUIDELINES  on  how  to 

prepare  and  implement  an  incident 
response  plan 

■  AN  INCIDENT  REPORT  FORM 

to  include  with  your  response  plan 

■  A  COMPREHENSIVE  LIST  of  local 
law  enforcement  agencies 


the  more  sense  it  makes  for  executives  to 
keep  security  operations  in-house. 

Fortunately,  though,  the  more  a  company 
works  to  prevent  security  problems  in  the 
first  place,  the  cheaper  it  will  be  to  deal  with 
them  once  they  do  arise.  “An  ounce  of  pre¬ 
vention  is  worth  a  pound  of  cure,  and  that 
absolutely  applies  in  the  cyberintrusion 
space,”  says  Bruce  Moulton,  former  CISO 
at  Fidelity  Investments  and  a  cofounder  of 
the  Financial  Services  Information  Sharing 
and  Analysis  Center. 

DECIDE  WHEN  TO  INVOLVE 
LAW  ENFORCEMENT  Reluctant 
to  call  the  cops  and  risk  having 
customers  and  stockholders  find 
out  about  a  problem?  That’s  nor¬ 
mal.  But  if  a  situation  gets  bad  enough — a 
key  competitor  steals  intellectual  property, 
a  hacker  publishes  customer  records  or  a 
former  employee  takes  down  the  website — 
you  might  change  your  mind.  And  in  some 
cases,  publicity  will  ensue  anyway.  Execu¬ 
tives  can  save  time  and  heartache  by  dis¬ 
cussing  ahead  of  time  what  situations  might 
cause  them  to  call  in  law  enforcement.  For 
most  companies,  these  situations  involve 
serious  financial  loss  that  law  enforcement 
may  help  recover  in  damages,  or  a  high- 
profile  case  that’s  already  publicly  known. 

At  the  University  of  Washington  Aca¬ 
demic  Medical  Center  in  Seattle,  which  suf¬ 
fered  a  security  breach  that  was  reported  by 
The  Washington  Post  and  other  news  out¬ 
lets,  CIO  Tom  Martin  initially  decided  not 


80  CIO  MARCH  15,  2002  •  www.cio.com 


PHOTO  BY  SONNY  WILLIAMS 


When  your  business  is  online,  sealed  documents,  signatures  and  handshakes  no  longer  work. 

Let  RSA  Security  bring  authenticity  to  your  e-business. 


SECURITY- 
The  Most  Trusted  Name  in  e-Security 

www.rsasecurity.com 


Cybersecurity  |  Part  Two 


Bruce  Moulton,  cofounder 
of  the  Financial  Services 
ISAC,  says  that  an  ounce 
of  prevention  in  cyberspace 
is  worth  a  pound  of  cure. 


to  call  the  FBI  because  he  didn’t  think  the 
hacker  had  accessed  any  patient  data.  But  as 
soon  as  he  discovered  otherwise,  he  says,  he 
changed  his  mind. 

“There  is  a  stigma  to  being  a  victim  be¬ 
cause  it  implies  some  level  of  incompetence, 
but  really  it’s  an  inevitability.  As  we  become 
more  Internet-based,  it’s  only  a  matter  of  time 
before  you  have  problems,”  Martin  says.  “To 
underreport  is  a  disservice  to  the  industry.  It’s 
building  in  an  infrastructure  of  illegal  activ¬ 
ity,  and  we  just  decided  we  won’t  tolerate  ille¬ 
gal  activity  or  accept  it  as  a  given.” 

The  threat  of  organized  cyberattacks  or 
even  cyberterrorism  has  made  this  even 
more  of  a  concern,  many  experts  say,  be¬ 
cause  law  enforcement  needs  to  be  able  to 
watch  for  trends  or  attacks  that  spread 
across  companies  and  industries.  For  re¬ 
search  purposes,  Carnegie  Mellon’s  CERT 

82  CIO  MARCH  15,  2002  •  www.cio.com 


Coordination  Center  tracks  security  inci¬ 
dents  and  asks  that  companies  report  even 
unsuccessful  attacks.  (For  more  information, 
visit  www. cert.org. ) 

Increasingly,  companies  are  also  being 
encouraged  to  contact  law  enforcement  out¬ 
side  of  a  particular  security  event.  By  talk¬ 
ing  with  law  enforcement  ahead  of  time,  a 
CIO  or  CISO  is  better  equipped  to  evaluate 
the  impact  of  an  investigation  on  business 
operations,  determine  whether  law  enforce¬ 
ment  might  be  able  to  help  and  find  out  how 
sensitive  information  is  handled  by  the 
authorities. 

“When  we  get  the  call  [after  a  security 
incident]  has  already  happened,  it’s  difficult 
for  us  to  help,”  says  Bob  Weaver,  head  of 
the  Secret  Service’s  New  York  City  Electronic 
Crimes  Task  Force,  which  was  made  a 
national  model  for  information  sharing 


between  law  enforcement  and  business  by 
the  U.S.A.  Patriot  Act,  passed  by  Congress 
shortly  after  Sept.  11.  “Call  who  best  serves 
you.  It  may  not  always  be  federal — you  may 
be  best  served  by  a  local  police  department, 
a  state  police  department,  an  attorney  gen¬ 
eral.  If  you  don’t  have  [that  relationship]  and 
an  incident  does  arrive,  it’s  like  driving  your 
car  down  the  street  and  trying  to  change  the 
tire  while  you’re  doing  it.  And  you  don’t 
want  to  call  1 -800-Law-Enforcement.  You 
don’t  want  to  dial  911.  You  want  to  know 
who  you’re  bringing  in.”  (For  a  list  of  law 
enforcement  contacts,  see  www.cio.com/ 
security /response.)  Once  in  place,  incident 
response  plans  are  morphing,  living  docu¬ 
ments.  As  Fleet  Credit  Card  Services  learned, 
there  are  things  to  be  tested  and  tweaked  and 
learned  from — processes  that  become  better 
and  easier  to  justify  to  management  after 
they’ve  been  used. 

So  the  next  time  that  organization  has  a 
security  incident — be  it  a  malicious  worm 
or  something  more  ominous — the  company 
will  be  that  much  better  prepared.  CIO 
Woolsey  is  working  on  making  sure  cus¬ 
tomer  representatives  know  how  to  handle 
security  calls  from  alarmed  customers,  and 
since  the  security  hole  was  in  a  vendor’s 
application,  he’s  also  instituting  tighter  con¬ 
trols  around  third-party  software.  He’s 
heartened  by  the  fact  that  to  the  best  of  his 
knowledge,  no  customers  have  closed  their 
account  because  of  the  incident. 

“I  guess  the  one  lesson  I  would  walk  away 
with  is  never  assume  that  anything  is  per¬ 
fect,”  Woolsey  says.  “What  you  need  to  do 
is  understand  that  you  can’t  plan  for  every¬ 
thing,  so  you  need  to  have  a  contingency 
that’s  broad  enough  and  open  enough  that 
it  can  in  essence  deal  with  everything.”  BE! 


How  far  along  is  your  incident  response  plan?  Tell 
Sarah  D.  Scalet,  senior  writer  and  security  editor, 
at  sscalet@cio.com. 

A  CIO  Focus  guide  to  incident  response, 

“IT  Security  Breach:  How  to  React, 
Recover  and  Seek  Recourse,”  is  avail¬ 
able  for  purchase  at  www.theciostore.com. 


PHOTO  BY  FURNALD/GRAY 


1 


masg.com  gives  you 
a  handle  on  it 


Now  you  can  have  better  control 
over  your  decision  making  process. 
Tnasg.com  gives  you  the  tools — and 
the  expertise — to  search,  evaluate 
and  select  the  software  products  and 


So  you  can  make  a  better  decision. 

With  masg.com,  you  can  browse 
and  select  the  products  and  vendors 
youYe  interested  in.  Create  your  own 


side-by-side  comparisons,  and  point 

"  Vs  ,  '  ■  _  -■  ..  '■  '  ,  »  .  .  V*'  %  V 


selections  and  even  submits  RFPs, 
RFls  or  RFQs  to  vendors. 


And  speaking  of  control,  you  can  save 
your  work,  or  download  it— -without 
leaving  our  site.  So  log  on  and  see 
how  it  feels  to  be  in  control! 


: 


five  Penn  .Plaza,  Mew  York,  NY  10001 


,800-647-1908 

6-mail:  Tnasg@tpmgnet.com 


ILLUSTRATIONS  BY  AARON  THOMAS  ROTH 


Professional  Services  Automation  Software 


Automating  your  workflow,  knowledge  management 
and  billing  processes  can  work  only  if  employees  and 
managers  are  on  board  ahead  of  time.  Otherwise 
you’re  just  wasting  your  time  and  money. 

BY  PRESTON  GRALLA 


WHEN  INTRIA-HP  OF  TORONTO-A  JOINT  OUTSOURCING  VENTURE  BETWEEN  HEWLETT-PACKARD 


and  Canadian  Imperial  Bank  of  Commerce — was 
formed,  its  executives  had  a  daunting  task  ahead  of 
them:  Transform  an  IT  department  that  had  been  a  cost 
center  into  a  revenue  center  selling  IT  services  to  banks. 

To  aid  in  the  transformation,  the  executives  turned 
to  professional  services  automation  (PSA)  software, 
which  automates  work  assignments,  billing  and  invoic¬ 
ing,  time  sheets  and  similar  kinds  of  labor.  The  software 
is  designed  for  organizations  that  provide  professional 
services,  such  as  global  IT  shops,  financial  services 
organizations,  consulting  firms  or  organizations  with 
many  far-flung  consultants  around  the  world. 

In  theory,  the  tool  seemed  ideal  for  Intria-HP’s 
overhaul.  The  reports  PSA  software  creates  can  help  a 
company  closely  track  what  work  IT  employees  and 
consultants  are  doing,  see  what 
resources  are  free  at  any  given  time,  Reader  ROI 
and  assist  managers  in  determining 
whether  their  workers  are  ready  to 
take  on  new  assignments.  The  idea 
is  to  allow  managers  to  more  effec¬ 
tively  use  their  existing  workforce. 

But  Intria-HP  soon  found  that 


See  why  professional 
services  automation  soft¬ 
ware  doesn’t  always  work 

Find  out  what  to  do  if 
you  meet  employee 
resistance 


theory  clashed  with  practice.  The  system  just  wasn’t 
working,  says  Bent  Fink-Jensen,  an  IT  executive  whose 
official  title  is  director  of  process  and  knowledge  man¬ 
agement.  And  it  wasn’t  working  for  a  very  simple  rea¬ 
son:  People  weren’t  using  it.  Rather  than  learn  and  adapt 
to  a  system  in  which  they  saw  few  benefits,  people  sim¬ 
ply  reverted  to  the  old  ways  of  doing  things — and  so  the 
promised  benefits  of  the  software,  which  cost  $345  per 
license  ($550  in  Canadian  dollars),  weren’t  forthcoming. 

Interviews  with  other  CIOs  who  have  used  PSA 
software,  and  with  consultants  familiar  with  the  tech¬ 
nology,  reveal  that  Intria-HP’s  story  isn’t  an  isolated 
one.  While  PSA  software  holds  out  the  promise  of 
increasing  the  effectiveness  of  businesses  that  provide 
professional  services,  employees  often  balk  at  using  it, 
and  the  investment  may  be  wasted. 

“You  can’t  just  drop  this  technology 
on  your  workforce  and  have  people 
magically  use  it,”  says  Dave  Hoffer- 
berth,  research  director  responsible  for 
the  PSA  practice  of  the  Aberdeen 
Group,  an  IT  resource  and  consulting 
group  based  in  Boston.  “Executives  so 


www.cio.com  •  MARCH  15,  2002  CIO  85 


Professional  Services  Automation  Software 


far  have  loved  this.  But  if  it’s  an  executive 
mandate,  you'll  typically  get  resistance.” 

To  forestall  such  resistance,  CIOs  must  do 
some  homework  before  they  even  invest  in 
this  kind  of  software.  To  begin  with,  they 
should  have  a  thorough  understanding  of 
their  company’s  corporate  culture  and  how 
the  company  assigns  work.  Companies  that 
provide  consulting  or  Web  design  services 
are  often  staffed  by  creative  types  who  don’t 
cotton  to  a  lot  of  structure,  and  may  balk 
at  attempts  to  compartmentalize  their  work. 
On  the  other  hand,  IT  organizations  that 
have  employees  who  like  structure  and  order 
may  embrace  workflow  software. 

CIOs  also  have  to  understand  how  em¬ 
ployees  report  their  progress  on  assignments, 
note  time  on  each  project  and  bill  for  their 
work.  If  such  business  processes  are  not  in 
place  and  clearly  spelled  out  before  the  soft¬ 
ware  is  in  place,  it  isn’t  going  to  work.  All 
the  technology  in  the  world  cannot  compen¬ 
sate  for  a  disorganized  work  environment, 
as  Fink-Jensen  discovered. 

Culture  Shock 

Since  Intria-HP  began  life  as  the  product 
of  a  merger  between  a  hardware  company 
and  a  bank,  it  had  no  in-house  store  of 
knowledge  to  turn  to  in  setting  up  the  right 
kind  of  processes  for  a  consultancy.  “We 
weren’t  set  up  to  have  a  handle  on  getting 
[consulting]  work  into  the  organization  and 


knowing  who  the  work  was  assigned  to,” 
Fink-Jensen  says.  “So  we  had  difficulty  in 
knowing  what  commitments  we  could 
make  and  what  we  couldn’t  make.” 

To  solve  the  problem,  the  company  turned 
to  Account4  PSA  software,  now  known  as 
Lawson  Professional  Services  Automation. 
They  began  to  roll  out  the  software  in  August 
2000,  and  by  January  2001  they  had  900 


users.  But  it  didn’t  take  long  for  the  problems 
to  start  piling  up.  It  started  at  the  most  basic 
level:  People  simply  didn’t  use  the  software. 

“Under  the  old  way  of  doing  things  when 
we  were  owned  by  the  bank,  there  were  a  lot 
of  back  doors  for  getting  work  done,”  says 
Fink-Jensen.  “And  those  back  doors  stayed 
open — so  people  in  IT  were  doing  work 
when  requested,  but  without  reporting  it  [in 
the  software].”  And  without  people  report¬ 
ing  their  work  into  the  software,  he  says, 
there  was  no  way  for  managers  to  use  it  to 
manage  and  control  projects. 

In  fact,  experts  say,  the  biggest  obstacle 
to  implementing  PSA  software  has  nothing 
to  do  with  technology — it  has  to  do  with 


corporate  culture.  People  may  not  like  the 
idea  that  they  have  to  document  everything 
they  do,  and  they  may  balk  at  finding  out 
about  their  daily  tasks  from  software  rather 
than  directly  from  superiors. 

Using  the  software  will  mean  that  peo¬ 
ple’s  work  lives  become  much  more  struc¬ 
tured.  An  IT  worker,  for  example,  might  log 
in  to  the  PSA  system  in  the  morning  and  find 


out  what  jobs  have  to  be  done  that  day.  He 
would  then  fill  out  Web-based  time  sheets 
for  when  each  task  must  be  accomplished. 
“You  need  to  explain  to  the  people  doing  the 
work  why  [PSA  software]  is  important,  to 
let  them  know  that  it  can  make  their  lives 
easier,”  Hofferberth  notes. 

There  is  another  downside:  The  use  of  the 
software  could  lead  to  less  face-to-face  inter¬ 
action  with  colleagues,  Hofferberth  says. 
Even  so,  he  believes  that  the  increased  effi¬ 
ciency,  faster  invoicing  turnaround  and 
sophisticated  reporting  features  of  the  soft¬ 
ware  are  well  worth  the  effort.  And  he  notes 
that  people  who  work  in  IT  departments 
“tend  to  like  more  structure  than  do  artists 
or  public  relations  people”  and  are  often 
happy  with  the  greater  structure  it  imposes. 

Bonnie  Nardi,  research  scientist  at  Agilent 
Laboratories,  and  an  anthropologist  who  has 
studied  how  technology  is  used  in  the  work¬ 
place,  is  not  so  sure.  She  is  concerned  that  the 
resulting  decrease  in  face-to-face  interaction 
could  take  its  toll  on  an  organization.  (For 
more  on  Nardi’s  ideas,  read  “Software  for 
the  People”  at  www.cio.com/prmtlinks.) 

“There’s  some  magic  in  interaction,  and 
any  software  that  cuts  down  on  that  will  cut 
down  on  efficiency  and  creativity,”  Nardi 
says.  Specifically,  she  notes  that  it  could  cut 
down  on  creative  solutions  that  come  out 
of  brainstorming  sessions,  informal  mentor¬ 
ing  among  employees  and  team  building. 


The  biggest  obstacle  to  implementing  PSA 
software  has  nothing  to  do  with  technology 
it  has  to  do  with  corporate  culture. 


86  CIO  MARCH  15,  2002  •  www.cio.com 


THEY  CAME  LOOKING  FOR  THE  SOFTWARE  CHOSEN  BY  LEADING  E-BUSINESSES.  THEY  FOUND: 

WEBSPHERE  at  eBay 

IBM  WebSphere  is  the  fastest-growing  e-business  software  platform:  eBay,  one  of  the  most 
successful  “born  on  the  Web”  companies,  has  turned  to  WebSphere  infrastructure  software  as  it  gets  even 
more  serious  about  e-business.  WebSphere  has  the  scalability  to  build,  launch  and  maintain  a  massive 
around-the-clock  site  like  eBay.  Over  thirty  million  registered  eBay  users  will  rely  on  the  dependability  of 
WebSphere  when  they  buy  collectibles,  electronics  and  B-to-B  services.  Visit  ibm.com/websphere/ebay 


IT’S  A  DIFFERENT  KIND  of  WORLD. 

YOU  NEED  A  DIFFERENT  KIND  of  SOFTWARE. 


© 


business  software 


Professional  Services  Automation  Software 


Ten  Steps  to  Choosing  the  Right  PSA  Software 

There  are  many  professional  services  automation  (PSA)  vendors  making  many  promises. 
Here’s  how  to  cut  through  the  hype  and  choose  the  right  one. 


Assemble  a  selection  group  composed  of  people  from  every 
part  of  the  organization  who  will  use  the  software.  Make 
sure  to  balance  it  geographically.  Not  only  will  this  give  you 
the  best  snapshot  of  what  you  need,  but  it’ll  help  ensure  buy-in 
after  you  choose  the  software. 

2  Come  to  an  agreement  about  the  business  processes  that 
will  be  automated  before  looking  at  software.  You  may  find 
that  this  step  alone,  even  if  you  don’t  choose  any  PSA  soft¬ 
ware,  will  help  your  business  run  better. 

3  If  you  do  decide  to  go  ahead,  you  can  then  select  a  pack¬ 
age  that  has  the  specific  features  you  need.  Joe  Federer, 
vice  president  of  professional  services  for  Dayton,  Ohio- 
based  Teradata,  recently  went  through  a  time-consuming 
process  of  selecting  PSA  software.  He  found  that  Noviant  soft¬ 
ware  was  strong  in  resource  management  but  left  a  lot  to  be 
desired  when  it  came  to  time  and  expense  entries;  while 
Account4  was  excellent  in  project  accounting  but  less  stellar  in 
knowledge  and  resource  management. 

4  Factor  in  your  company’s  culture.  The  best  PSA  soft¬ 
ware  in  the  world  will  be  worthless  if  you  choose  one 
that’s  inimical  to  your  corporate  culture.  For  example, 
if  people  are  used  to  the  freedom  of  choosing  their  work  and 
working  conditions,  be  careful  not  to  choose  a  system  that  will 
destroy  what  people  value  most  about  their  jobs. 

Decide  if  you  want  an  end-to-end,  all-in-one  package  or 
one  that  integrates  with  your  existing  HR,  billing  and  other 
systems.  Small  companies  often  choose  to  go  with  an  all-in- 
one  package,  while  large  ones  may  choose  a  point  solution  that 
takes  only  certain  modules  and  links  them  to  existing  systems. 


6  Match  the  PSA  solution  to  your  company  size  and  the 
industry  you’re  in.  Some  solutions  are  better  for  small 
companies,  some  are  designed  for  health-care  enterprises 
and  others  for  government  services.  Ask  for  a  list  of  organiza¬ 
tions  using  the  PSA  software  you’re  considering,  and  see  if  they 
are  like  yours.  And  then  talk  to  existing  customers,  without  the 
vendor  present. 

7  Decide  on  your  platform  of  choice.  Will  it  be  a  thin-client 
Web-based  one?  A  more  traditional  client/server  model? 
These  days  most  people  agree  that  Web-based  is  the  way  to 
go  because  it  will  then  be  accessible  where  employees  or  consult¬ 
ants  are  working. 

8  Integrate  it  into  your  existing  architecture.  It  must  easily 
integrate  into  your  existing  databases  and  all  of  your 
back-end  systems. 

9  Start  small.  Kazim  Isfahani,  principal  analyst  with  the 
Robert  Frances  Group  in  Westport,  Conn.,  recommends 
that  a  company  not  start  off  by  buying  and  then  installing 
and  implementing  the  whole  gamut  of  professional  services 
automation  modules.  “Put  in  the  most  critical  components  for  a 
small  number  of  users,  then  to  a  larger  number  of  users,  and  then 
go  on  to  another  component,”  he  says. 

Don’t  underestimate  how  long  it  will  take  to  imple¬ 
ment  the  package.  IT  executives  who  have  installed 
PSA  software  say  it  can  take  six  to  18  months.  Ken 
Brzozowski,  vice  president  of  the  Corporate  Technology  Group 
at  Merrill  Lynch,  says,  “It  may  seem  straightforward,  so  people 
try  to  accelerate  implementation,  but  that  causes  delay  in  the 
long  term.”  -P.G. 


And  if  people  are  assigned  jobs  and  sign  off 
that  they’ve  finished  jobs  primarily  via  web¬ 
pages,  as  you  do  with  some  PSA  software, 
“then  that’s  all  that  people  will  do,”  Nardi 
says.  “They  won’t  interact,  and  they’ll  be 
plugged  in  to  a  webpage  all  day. 

“A  lot  of  really  amazing  people  in 
organizations  in  America  do  far  more  than 
they  are  paid  for.  When  you  take  away  the 
‘invisible  incentives’  [of  interacting  with 
others],  you  won’t  get  the  best  out  of  peo¬ 
ple,”  she  says. 

At  Intria-HP,  the  problem  of  employee 
resistance  was  exacerbated  by  the  fact  that 
the  software  itself  was  somewhat  difficult  to 


use.  So  when  people  did  report  their  work 
via  the  software,  they  often  put  in  the  wrong 
work  codes.  Those  codes  are  of  vital  impor¬ 
tance  because  if  improper  codes  are  put  in, 
there’s  no  way  to  track  work  properly  or 
create  usable  reports.  And  people  would 
sometimes  book  their  time  as  nonbillable 
when  it  should  have  been  billable,  leading  to 
“revenue  leakage,”  in  Fink-Jensen’s  words. 

Managers  were  also  equally  confused 
about  how  to  use  the  software,  and  so  they 
weren’t  able  to  generate  the  workflow 
reports  they  needed. 

Fink-Jensen  attributes  the  problems  to 
three  causes:  the  difficulty  of  learning  the 


software,  not  providing  enough  training  and 
not  having  adequate  understanding  of  the 
ways  in  which  work  flows  through  an  organ¬ 
ization  before  implementing  the  software. 
“We  had  done  a  fair  amount  of  training,” 
Fink-Jensen  says,  “but  we  found  out  that  we 
had  to  go  back  and  follow  up  because  they 
didn’t  get  it  the  first  time  around.” 

The  company  currently  has  900  people 
using  the  software,  and  by  taking  more  time 
to  carefully  document  how  work  assignments 
are  handled,  Fink-Jensen  says  the  problems 
have  been  straightened  out.  The  software  is 
now  proving  valuable  to  the  business,  he  says, 
primarily  because  it  allows  the  company  to 


88  CIO  MARCH  15,  2002  •  www.cio.com 


DB2 


software 


•  w  o 

0  Q_ 

go- 

go 

55 

£8= 


0  03 
03  W 

CD  Z3 
Q  .£ 

"O  — 1 
C 

10  0 
o 

03  C 
O  O 

—  o 


•0 
woo 


03 

w  -Q 
CD  u. 
"oD  0 
CO  CO 
0 


CM  Z) 
CD  . 
D  CM 

,  o  • 
12  25 ; 
w  in  . 
*  0 

O 
x 


0  0 
c  _c 
w  -5 

■?  -5 

0  T3 

0  £ 
X!  « 
(/) 
-  0 

£3 

—  CO 


r-’  W  n  S  ■ 
°5®  215 
§  ra  O  « 


m 


THE  CODERNAUTS  WERE  ON  A  SEARCH  FOR  A  DATABASE  THAT  RUNS  ON  LINUX:  UNIX  AND  WINDOWS  2000.  THEY  DISCOVERED: 


DB2  outperforms  ORACLE 


I  CUSTOMERS  KNOW  IT,  PARTNERS  KNOW  IT,  BENCHMARKS  PROVE  IT  | 


business  software 


ibm.com/db2/outperform 


IT’S  A  DIFFERENT  KIND  of  WORLD. 

YOU  NEED  A  DIFFERENT  KIND  of  SOFTWARE. 


Professional  Services  Automation  Software 


bill  for  more  hours  and  lets  managers  utilize 
their  workforce  more  efficiently.  But  it  took 
a  year  to  get  it  straight,  Fink-Jensen  says,  and 
warns  other  CIOs  to  spend  more  time  on 
training  than  they  think  they  will  need. 

If  at  First  You 
Don’t  Succeed... 

Scott  Kitlinski,  CIO  of  ePresence,  a  profes¬ 
sional  services  company,  echoes  Fink-Jensen 
in  saying  that  a  big  problem  with  PSA 
software  is  getting  people  to  use  it.  When 
Kitlinski  joined  ePresence  two  years  ago,  the 
company  was  undergoing  a  dramatic  change. 
It  had  been  known  as  Banyan  Worldwide  and 
was  purely  a  product  company  (it  made 
and  sold  a  networking  operating  system 
and  directory  product).  As  ePresence,  it  was 
transitioning  itself  from  a  product  company 
into  a  services  organization  that  provided 
e-business  consulting.  But  in  its  new  config¬ 
uration,  the  software  applications  it  was 
using  didn’t  allow  the  company  to  create 
workflow  reports  and  merge  new  clients 
into  the  business.  Kitlinski  decided  that  PSA 
software  would  be  ideal  for  the  Westborough, 
Mass.-based  company’s  new  focus.  He  spear¬ 
headed  a  group  that  chose  Evolve  PSA  soft¬ 
ware,  and  in  February  2000,  he  started  the 
implementation.  A  few  months  later,  how¬ 
ever,  a  major  problem  became  apparent: 
People  weren’t  using  the  software. 


To  begin  with,  salespeople  weren’t  enter¬ 
ing  data,  Kitlinski  says.  “The  simple  process 
of  getting  salespeople  to  share  pertinent 
information  about  clients  was  a  pretty  big 
change  because  they  were  used  to  the  idea 
that  they  owned  the  customer.” 

It  wasn’t  only  salespeople  who  weren’t 
using  the  software  though.  Resource  man¬ 
agers — those  in  charge  of  determining  what 
resources  are  available  for  projects  at  the 
company — weren’t  using  it  either.  Because  of 
that  it  was  difficult  for  other  managers  to 


know  which  workers  were  available  for 
projects.  Workers  were  either  underutilized 
or  misutilized,  says  Kitlinski,  a  potentially 
serious  problem  in  a  consulting  business. 

“All  you  really  have  in  a  consulting  busi¬ 
ness  are  people  and  their  experience,  and  if 
they’re  not  being  utilized  properly,  then  your 
profitability  suffers,”  he  notes. 

EPresence  spent  months  trying  to  get  its 
employees  to  use  the  Evolve  software.  And 
in  the  midst  of  the  implementation,  the  soft¬ 
ware  was  revised  in  a  way  that  made  it  even 
more  difficult  to  use;  the  upgraded  version, 
for  instance,  no  longer  allowed  its  users  to 


cio.com _ 

How  do  you  get  user  buy-in? 

To  WEIGH  IN,  go  to  the  Web 
Connections  box  at  www.cio.com. 

get  an  overview  of  all  the  lines  of  business 
at  once,  Kitlinski  says. 

So  ePresence  dropped  Evolve  and  halted 
the  PSA  project.  Kitlinski  declined  to  say 
how  much  money  the  company  wasted  on 
that  endeavor.  But  several  months  later,  the 
company  chose  another  vendor,  Change- 


point,  to  install  PSA  software.  In  the  in¬ 
terim,  he  says,  the  software  had  gotten 
easier  to  use  and  integrate  into  an  organi¬ 
zation.  And  he  had  learned  from  the  first 
go-around  that  it  was  vital  to  get  people  on 
board  first. 

“The  key  the  first  time  around  is  that 
people  weren’t  using  it  because  they  didn’t 
see  a  reason  to  use  it,”  he  says.  So  with 
the  Changepoint  implementation,  he  spent 
much  more  time  up  front  detailing  the  ben¬ 
efits  of  the  software — for  instance,  showing 
how  it  would  allow  the  company  to  bet¬ 
ter  manage  projects  and  time  and  make 
sure  people  were  doing  the  work  they 
want  to  do. 

The  new  software  has  already  helped  in 
a  number  of  ways,  Kitlinski  says,  including 
better  matching  people’s  skills  with  the  kinds 
of  projects  they’d  be  most  effective  with,  and 
having  more  accurate  and  timely  financial 
information  that  allows  company  officials  to 
better  manage  the  business. 

The  lesson  learned?  When  it  comes  to  PSA 
software,  organizational  issues  are  more  im¬ 
portant  than  technical  ones.  “Technology  is 
very  seldom  the  problem,”  he  says.  “It's  deal¬ 
ing  with  culture  change.”  HE! 


The  danger  of  workflow  software  is  that  it 
cuts  down  on  face-to-face  interactions. 


90  CIO  MARCH  15.  2002  •  www.cio.com 


Got  any  stories  about  PSA  software?  Let  Senior 
Editor  Alison  Bass  know  at  abass@cio.com.  Preston 
Gralla  is  a  freelance  writer  in  Cambridge,  Mass. 


Visit  us  at  www.primavera.com/events  to  learn  about  our  free  online  seminars. 


Can  you  afford  to  guess  which  projects  will  provide  the  most  value  to 
your  company? 

Primavera  Team  Play®  lets  you  confidently  pick  your  clear  project  winners. 


Wrap  your  arms  around  all  of  your  projects  using  Primavera TeamPlay  from  Primavera  Systems-  the  world’s 
leading  developer  of  project  management  software.  Primavera  TeamPlay  provides  the  easiest  way  to  track  and 
prioritize  all  of  your  projects  to  improve  execution  and  predictability.  You’ll  be  able  to  respond  quickly  to  market 
changes  and  choose  the  projects  that  match  best  with  your  business  goals. 


Primavera  TeamPlay  has  already  helped  thousands  of  project-driven  companies  in  the  financial  services,  banking, 
corporate  IT  and  software  development  industries  to  select  and  execute  the  correct  projects  with  confidence. 
Let  Primavera  TeamPlay  make  you  a  winner-  by  eliminating  the  guesswork. 

Call  1.800.423.0245  or  visit  us  at  www.primavera.com/ci2. 

PRIMAVERA 


TeamPlay 


Case  Files:  Shell  IT  International 

CUSTOMER  FOCUS 
KNOWLEDGE  MANAGEMENT 

PROJECT  MANAGEMENT  4 

VALUE  PROPOSITION 


COMPANY  INFO 

ORGANIZATION 

Shell  Information  Technology 
International  (SITI)  is  part  of  the 
internal  IT  services  division  of  the 
Royal  Dutch/Shell  Group,  a  global 
energy  producer 

HEADQUARTERS 

Houston 

EMPLOYEES 

2,300  in  the  United  States 

2000  REVENUES 

$191.5  billion  for  the  Royal 
Dutch/Shell  Group 

URL 

www.shell.com 


CHALLENGE 

How  to  effectively  manage  the 
human  side  of  change,  through 
change  agents,  during  an  all- 
encompassing  project 


THE  PLAYERS 

JANET  JONES 

Project  Manager 

CHRISTY  DILLARD 

Change  Agent  in  Shell’s  Individual 
Group  Entities  (IGE)  division,  the 
professional  services  arm  of  SITI 

ANITA  BETTIS 

Change  Agent  from  IGE 


CASE  ANALYST 

GOPAL  KAPUR 

President,  Center  for  Project 
Management 


Quick  Change 

Artists 

How  Shell  Information  Technology  International  successfully 
navigated  the  rollout  of  new  security  standards 

BY  SIMONE  KAPLAN 


WHEN  THE  I.T.  SERVICES  division  of  the  Royal 
Dutch/Shell  Group  was  required  to  implement 
a  comprehensive  set  of  new  security  standards 
in  only  six  months,  it  decided  to  balance  the 
human  needs  with  the  technical  side  of  the 
changes. 

In  January  2000,  the  Shell  Information  Tech¬ 
nology  International  (SITI)  group  received  the 
mandate  to  institute  all-encompassing  security 
changes — new  passwords  every  35  days  and 
updates  to  hundreds  of  servers  and  networks. 
As  Shell’s  IT  service  provider,  SITI  had  to  make 
sure  its  2,300  IT  staffers  knew  the  security  stan¬ 
dards  inside  and  out  by  June,  when  an  inde¬ 
pendent  audit  of  the  new  standards  would  be 
performed.  Unlike  many  IT  projects,  security 
changes  impact  the  daily  routine  of  every 
employee  with  the  scope  of  the  effect  depend¬ 
ing  on  the  type  of  job.  SITI  therefore  decided 
that  this  project,  known  as  Trust  Domain,  called 
for  a  change  agent. 


Planning  and  Communication 

The  first  thing  Janet  Jones,  the  SITI  project  man¬ 
ager  who  handled  Trust  Domain,  did  was  panic. 
“I  thought,  Oh  my  gosh,  how  will  we  get  this 
done?”  Jones  says.  Then  she  sat  with  Trust 
Domain’s  sponsors  and  upper  management  at 
SITI  and  hashed  out  an  overview  of  the  project 
to  determine  what  resources  were  needed.  Jones 
decided  to  involve  a  change  agent — keeping  in 
mind  that  no  one  really  likes  change  but  that 
divisionwide  compliance  was  imperative  for  the 
project  to  succeed.  Past  experience  had  shown 
that  without  a  team  leader  focusing  specifically 
on  the  people  side  of  change,  resentment  might 
bubble  up  from  the  ranks.  Alan  Fraundorf,  who 
was  acting  CIO  for  the  organization  at  the  time 
of  the  project  and  now  works  as  a  consultant 
in  professional  services,  agrees.  “You  can  have 
a  great  IT  staff  and  extremely  successful  projects 
from  an  IT  point  of  view,”  he  says.  “But  you 
must  deal  with  the  organizational  impact  of 


92  CIO  MARCH  15,  2002  •  www.cio.com 


PHOTO  BY  JENNIFER  BINDER 


Snell  change  agents  Anita 
Bettis  and  Christy  Dillard 
(left  and  middle)  helped 
project  manager  Janet  Jones 
keep  in  mind  the  human 
impact  of  far-reaching 
security  changes  at  Shell’s 
IT  services  division. 


www.cio.com 


MARCH  15,  2002  CIO  93 


EXPERT  ANALYSIS 

GOOD  NEWS,  BAD  NEWS 

BY  GOPAL  KAPUR 

THIS  IS  A  CLASSIC  good  news,  bad  news  project.  The  good 
news:  The  team  was  able  to  finish  the  project  on  time  and 
meet  project  objectives— supported  by  the  fact  that  it 
passed  the  security  audit  with  flying  colors.  The  steps  lead¬ 
ing  to  the  success  of  this  project  included  a  focused  project 
manager,  involved  functional  managers  who  defined  proj¬ 
ect  success  up  front,  and  the  creation  of  the  project  web¬ 
site  and  mascot. 

But  of  all  the  positive  steps  taken  by  project  manager 
Janet  Jones,  the  most  important  was  recruiting  the  two 
change  agents.  Christy  Dillard  and  Anita  Bettis  were  inno¬ 
vative,  effective,  attentive  listeners  as  well  as  good  collabo¬ 
rators.  They  extended  their  effectiveness  by  recruiting 
unofficial  leaders  from  each  department  as  their  project 
champions.  Unfortunately,  far  too  many  project  managers 
overlook  the  simple  fact  that  any  project  by  definition 
changes  the  way  people  do  their  work.  In  my  experience, 

far  too  few  project  managers  pay  sufficient  attention  to  the  steps  and  effort  needed 
to  prepare  the  prospective  end  users  for  the  change  and  overlook  the  need  to 
recruit  change  agents  early  in  the  life  cycle  of  the  project. 

In  fact,  few  companies  specifically  employ  change  agents,  and  when  they  do, 
they  are  spread  too  thin  and  only  act  in  advisory  roles  to  the  project  manager 
instead  of  being  full-time  team  members.  Another  key  problem  is  that  many 
change  agents  come  from  the  IT  department  and  end  up  acting  as  enforcers  of  the 
new  process  rather  than  as  facilitators. 

Now  the  bad  news:  This  is  a  classic  case  of  a  project  completed  through  the 
heroic  efforts  of  the  three  team  members— Jones,  Dillard  and  Bettis.  It  appears  that 
SITI  and  Shell  do  not  have  a  well-defined  repeatable  project  management  process 
in  place  across  the  enterprise  because  none  of  the  other  Shell  companies  were  able 
to  pass  the  audit. 

Far  too  many  IT  projects  fail  primarily  because  of  poor  project  management  dis¬ 
cipline  across  the  enterprise— a  fact  illustrated  by  the  need  to  extend  the  project 
deadline  to  October  for  the  remaining  Shell  companies— a  50  percent  overrun  from 
the  original  schedule. 


Gopal  Kapur  is  the  pres¬ 
ident  and  founder  of  the 
Center  for  Project  Man¬ 
agement.  An  author  of 
two  computer-program¬ 
ming  textbooks  as  well 
as  numerous  articles  on 
project  management  in 
several  business  and 
technology  publications, 
Kapur  has  been  a  con¬ 
sultant  since  1975. 


Case  Files  |  Project  Management 

change  to  have  overall  success.” 

Jones  knew  it  was  essential  to  bring  an 
agent  on  board  early  to  ensure  that  project 
stakeholders  were  identified  and  that  the 
communication  between  the  project  team 
and  employees  was  quickly  put  in  place.  The 
agent  had  to  have  strong  listening  skills  and 
an  innovative  approach  to  collaboration. 
Trust  Domain  came  on  the  heels  of  the  Y2K 
project,  on  which  Jones  had  worked  with 
Christy  Dillard,  a  change  agent  in  Shells  pro- 

“Lots  of  people  just 
stick  their  change 
agent  in  an  office 
and  leave  them  there. 
But  you  have  to  em¬ 
bed  yourself  into  the 
project  and  the  team.” 

-CHRISTY  DILLARD,  CHANGE  AGENT, 
SHELL’S  INDIVIDUAL  GROUP 
ENTITIES  DIVISION 

fessional  services  department  in  SITI.  The 
collaboration  had  been  a  success,  and 
Jones  knew  Dillard  had  the  experience 
and  the  qualities  she  needed  to  manage 
Trust  Domain.  Once  Dillard  signed  on,  she 
brought  over  Anita  Bettis,  a  second  change 
agent  from  professional  services.  The  three 
decided  that  Jones  would  handle  the  techni¬ 
cal  and  project  management  tasks,  while 
Dillard  and  Bettis  would  handle  all  commu¬ 
nication  with  employees  and  act  as  liaisons 
between  the  project  team  and  the  SITI  staff. 
In  order  for  the  SITI  employees  to  trust  the 
agents  and  take  them  seriously,  Dillard  and 
Bettis  knew  they  had  to  be  visible  and  acces¬ 
sible  to  the  staff  on  a  daily  basis.  So  the  two 
moved  into  the  SITI  offices  and  began  sitting 
in  on  all  group  and  department  meetings. 

“Lots  of  people  just  stick  their  change 
agent  in  an  office  and  leave  them  there,”  Dil¬ 
lard  says.  “But  you  have  to  embed  yourself 


into  the  project  and  the  team.  The  change 
agents  are  the  ones  hearing  about  morale 
and  reactions  to  the  project.”  Since  Dillard 
observed  people’s  reactions  and  Jones 
tracked  the  project’s  progress,  daily  meetings 
allowed  them  to  share  their  different  per¬ 
spectives  and  create  a  larger  picture.  Jones, 
Dillard  and  Bettis  immediately  came  up  with 


backbone  documents  for  the  project:  a 
staffing  piece  and  stakeholders’  analysis. 

Look  into  My  Staff  List 

To  have  as  granular  an  analysis  as  possible, 
Dillard  and  Bettis  started  by  examining  SITI’s 
organizational  chart  and  breaking  it  down 

Continued  on  Page  99 


94  CIO  MARCH  15.  2002  •  www.cio.com 


Film  has  the  Oscars. 


Television  has  the  Emmys. 

Music  has  the  Grammys. 

Information  Technology  has  the 

Enterprise  Value  Awards: 

As  an  executive  who  has  built  or  utilized  an  IT  system  that  delivers  both 
demonstrable  ROI  and  strategic  value  to  your  organization,  you  deserve  recognition 
and  praise.  The  CIO  Magazine  Enterprise  Value  Award  will  bring  you,  your  company 
and  your  IT  organization  the  industry  prestige  you  deserve.  ■  Download  the  applica¬ 
tion  from  our  website  at  www.cio.com/eva  or  contact  Cristina  Sousa  at  (508)  935-4630. 


PROUDLY  UNDERWRITTEN  BY 

GENUiTY 


PRESENTED  BY  CIO  MAGAZINE 

CIO 


Deadline  for  entry:  May  15,  2002 


PRESENTED  BY  CIO  MAGAZINE 

era 


PROUDLY  UNDERWRITTEN  BY 

GENUiTY 


As  a  Winner  You  Will: 

■  Be  featured  in  the  February  1,  2003,  issue  of  CIO  Magazine, 
as  well  as  on  CI0.com 

■  Attend  the  Enterprise  Value  Retreat  and  Awards  Ceremony 
being  held  at  the  St.  Regis  Monarch  Beach  Resort  and  Spa 
in  Dana  Point,  California,  February  2-5,  2003. 

■  Give  a  “nuts-and-bolts”  presentation  of  your  winning  system 
to  your  executive  peers  during  the  Enterprise  Value  Retreat. 

■  Be  celebrated  at  the  Enterprise  Value  Awards  dinner  and 
ceremony  with  a  professional  video  highlighting  your  winning 
system  and  honoring  those  involved  in  its  success. 

■  Be  presented  with  four  beautiful  and  unique  Enterprise  Value 
Award  stars-each  a  handcrafted  piece  of  commissioned  art 
designed  by  sculptor  Jon  Schackmuth. 

■  Flave  the  opportunity  to  extend  the  excitement  of  the  awards 
night  with  copies  of  your  video,  highlighting  your  winning 
system,  as  well  as  a  video  of  the  entire  awards  ceremony. 

■  Receive  public  relations  assistance  to  extend  the  awareness 
of  this  award  through  the  support  of  CIO  Magazine’s  News 
and  Information  team,  as  well  as  a  full  press  kit  including 
press  release  and  logo  information. 

■  Showcase  the  awards  evening  by  participating  in  a  professional 
photo  shoot  at  the  ceremony.  Photos  can  be  used  in  many 
ways  including,  in  conjunction  with  a  press  release,  employee 
newsletters  and  company  websites. 


For  More  Information 

Contact  Cristina  Sousa  at 
(508)  935-4630  or  via  email  at 
csousa@cxo.com.  Or  visit  the  awards 
website  at  www.cio.com/eva. 


Benefits  of  Winning: 

■  Increased  visibility  in  your  employee,  investor  and  customer 
communities  through  public  relations  efforts. 

■  Enhanced  recruiting  opportunities  (who  doesn’t  want  to  be  part 
of  an  award-winning  team?). 

■  Personal  prestige  for  those  involved  in  the  winning  system. 


2003  Enterprise  Value  Awards® 
Download  the  Application  at  www.cio.com/eva 

Deadline  for  entry:  May  15, 2002 


PHOTO  OF  AWARD  BY  RALPH  MERCER 


(TEAR  OUT)  (TEAR  OUT) 


Criteria 

The  CIO  Magazine  Enterprise  Value  Awards 
honor  technology-enabled  business  achieve¬ 
ment  Winners  will  be  chosen  by  a  panel  of 
independent  CIO  judges  from  entrants  who 
submit  completed  application  forms  to  CIO 
magazine  by  May  15,  2002. 

Entries  will  be  judged  on  the  value  of  the 
achievement  resulting  from  the  technology 
investment  and  the  degree  to  which  it  serves 
the  organization's  mission.  Judges  are  looking 
for  initiatives  that  have  had  a  broad  and 
significant  impact  on  the  enterprise  as  a  whole. 

Defining  Value 

We  invite  applicants  to  consider  the 
broadest  possible  spectrum  of  enterprise 
value.  The  business  benefits  include  but  are 
not  restricted  to  STRATEGIC,  CUSTOMER, 
FINANCIAL,  OPERATIONAL,  SOCIAL  and 
TOP-LINE  impact. 

Selection  Process 

Finalists  are  selected  by  a  screening  panel 
of  CIO  editors  and  the  CIO  Magazine 
Enterprise  Value  Awards  Review  Board. 

Each  finalist  will  be  subject  to  an  in-depth 
analysis  of  the  nominated  system  performed 
by  CIO  or  its  agents.  This  analysis,  which 
may  require  a  site  visit  from  a  member  of 
our  Review  Board,  will  be  based  on  inter¬ 
views  with  sponsoring  executives  and 
system  users,  and  will  be  designed  to 
substantiate  all  claimed  benefits,  Site  visits 
will  take  place  in  July  and  August.  The 
Review  Board  will  present  its  findings  to  a 


blue-ribbon  judging  panel  of  leading  IT 
practitioners  for  final  judging  in  late 
September  2002. 

Important  Dates 

DEADLINE:  Applications  must  be  received 
by  May  15,  2002. 

NOTIFICATION:  Winners  will  be  notified  in 
October  2002. 

PRESENTATION:  Awards  ceremony  takes 
place  February  4,  2003,  at  the  CIO 
Enterprise  Value  Retreat.  Winners  will  be 
profiled  in  the  February  1,  2003,  issue  of 
CIO  magazine. 

Entry  Guidelines 

■  The  system  must  have  been  operational 
prior  to  July  1,  2000  (yes,  we  really 
mean  2000!). 

■  Entries  must  be  made  jointly  by  the 
CIO/IT  executive  sponsor  AND  by  the 
business  sponsor  for  whom  the  system 
delivers  value.  Both  must  sign  the  Truth 
of  Information  release. 

■  Entrants  must  agree  to  be  featured, 
along  with  their  systems  and  organiza¬ 
tions,  in  a  CIO  article. 

■  Entries  must  be  complete  (see  complete 
application  form  online). 

■  All  entries  must  be  computer-generated 
or  typed;  no  handwritten  entries  will  be 
accepted. 

■  A  copy  of  the  entry  should  be  sent  via 
e-mail  or  on  diskette  as  an  MS  Word  file. 
Download  the  application  from 
www.cio.com/eva, 


■  Only  one  entry  per  company  will  be 
considered. 

■  IT  vendors,  public  relations  and  advertis¬ 
ing  companies,  consultants  and  other 
third  parties  may  NOT  apply  on  behalf  of 
another  company.  They  are  encouraged 
to  forward  the  application  to  the  “owner” 
of  the  system  or  to  contact  CIO  Magazine 
to  recommend  that  the  client  be 
contacted  to  fill  out  an  application  form. 


PRESENTED  BY  CIO  MAGAZINE 

EE 

PROUDLY  UNDERWRITTEN  BY 

GENUiTY 


For  More  Information 

Contact  Cristina  Sousa  at 
(508)  935-4630  or  via  email  at 
csousa@cxo.com.  Or  visit  the  awards 
website  at  www.cio.com/eva. 


2003  Enterprise  Value  Awards® 
Download  the  Application  at  www.cio.com/eva 

Deadline  for  entry;  May  15,  2002 


■  . 

- 


;  •  ■■  :>  wVVVa 


:  .i.A":;:'. 

•  •;  ■  /  ■  :  • 


Previous  Winners 


Harrah's  Entertainment  Inc.  2001 
Household  Financial  Corp.  2000 
Hyatt  Hotels  &  Resorts  1995 
Kmart  Corp.  1995 
Lone  Star  Gas  Co.  1993 
Los  Angeles  County  Department 
of  Public  Social  Services  1994 
McDonnell  Douglas  Helicopter  Systems  1996 
MacGregor  Medical  Association  1997 
Medical  Center  of  Delaware  1993 
Michigan  Department  of  Transportation  2002 
The  MITRE  Corp.  1999 
New  York  City  Department  of  Finance  1998 
New  York  City  Transit  Authority  1993 
Office  Depot  Inc.  2001 

PA  Department  of  Environmental  Protection  2002 
PC’s  Compleat  Inc.  1995 
The  Perrier  Group  of  America  Inc.  1993 
Pfizer  Inc.  2000 


PPG  Industries  Inc.  1999 

Procter  &  Gamble  1998 

Rockwell  Space  Systems  Division  (SSD)  1996 

The  SABRE  Group  1999 

SBC  Communications  Inc.  1999,  2002 

Schlumberger  Ltd.  1997 

South  Florida  Water  Management  District  1994 

State  Street  Global  Advisors  1998 

SynOptics  Communications  Inc. 

(now  Bay  Networks  Inc.)  1994 
Tech  Data  Corp.  1998 
Telogy  Inc.  1996 
Texas  Instruments  1993 
Travelers  Managed  Care  and  Employee 
Benefits  Operations  1993 
Tufts  University  2001 
United  Healthcare  Corp.  1996 
U.S.  Army  Pacific  Regional  Program  Office  2000 
U.S.  Environmental  Protection  Agency  1998 


APCOA  Inc.  1995 

AT&T  Universal  Card  Services  Corp.  1994 

Bell  Atlantic  Corp.  1997 

Black  &  Veatch  1998 

Brigham  &  Women’s  Hospital  1996 

Capital  One  Financial  Corp.  1999 

Caterpillar  Inc.  1995 

Charles  Schwab  &  Co.  2000 

The  Chase  Manhattan  Corp.  1997 

Chicago  Bureau  of  Parking  1994 

Commonwealth  of  Massachusetts  1995 

Complete  Health  Services  Inc.  1994 

Dell  Computer  Corp.  2000 

The  Dow  Chemical  Co.  2002 

Enterprise  Rent-A-Car  2002 

Fidelity  Investments  1997 

Gensym  Corp.  1996 


PROUDLY  UNDERWRITTEN  BY 

GENUiTY 


PRESENTED  BY  CIO  MAGAZINE 


Deadline  for  entry:  May  15,  2002/Download  the  Application  at  www.cio.com/eva 


Case  Files 


Project  Management 


Continued  from  Page  94 

by  department,  group  and  individual,  exam¬ 
ining  the  impact  of  the  change  based  on  the 
employees’  jobs.  Rather  than  simply  filing  the 
analysis  away,  the  change  agents  used  the 
document  as  a  foundation  for  their  commu¬ 
nications  plan — referring  to  it  before  meet¬ 


ings  or  sending  out  memos.  As  the  project 
proceeded  and  the  effect  of  Trust  Domain 
became  clear,  the  agents  added  stakeholders 
to  the  list  and  used  their  feedback  to  modify 
the  communications  plan. 

For  Dillard  and  Bettis  that  meant  meet¬ 
ing  with  a  manager  on  a  weekly  basis  or 
meeting  with  an  individual  employee  to  get 
internal  feedback.  The  impact  of  the  new 
standards  varied.  For  some,  it  meant  chang¬ 
ing  their  passwords  every  month  and  mak¬ 
ing  sure  they  had  a  screen  saver  on  their 
desktop.  For  others,  it  meant  changing  the 
procedures  for  writing  code  and  taking  new 
precautions  when  dialing  into  SITFs  net¬ 
work  from  a  remote  location. 

To  maintain  contact  with  and  solicit  feed¬ 
back  from  employees,  the  change  team  held 
frequent  focus  groups  and  took  time  in 
weekly  department  meetings  for  project 
discussions,  where  employees  were  more 
comfortable  talking  about  concerns  and 
questions.  The  team  also  looked  to  “unoffi¬ 
cial”  leaders  in  each  department — the  ones 
who  spoke  up  most  at  meetings  and  employ- 

cio.com _ 

For  more  on  project  management, 
visit  our  LEADERSHIP  AND 
MANAGEMENT  RESEARCH  CENTER 

at  www.cio.com/leadership. 


ees  went  to  for  guidance.  Jones  and  Dillard 
had  learned  during  the  Y2K  project  that  get¬ 
ting  the  buy-in  from  those  department  lead¬ 
ers  was  essential  in  bringing  along  the  entire 
department.  The  change  agents  met  with  the 
department  champions  for  lunch  on  a 
monthly  basis  to  keep  their  fingers  on  the 


-JANET  JONES,  PROJECT  MANAGER,  SITI 

pulse  of  the  unit. 

In  turn,  the  department  leaders  kept  the 
change  team  informed  about  how  their 
group  was  adjusting  to  the  new  standards. 

Trusty  the  Mascot 

To  increase  awareness  of  Trust  Domain, 
Jones  and  the  change  team  created  a  web¬ 
site  to  keep  staff  updated  and  educated.  The 
site  featured  project  news,  updates  pertinent 
to  each  department,  and  a  forum  for  ques¬ 
tions  and  concerns.  To  bring  the  project  to 
a  more  personal  level  and  give  it  some 
humor,  the  team  adopted  a  mascot:  Trusty 
the  porcupine.  For  the  change  team,  Trusty 
gave  the  security  project  an  identity  that  set 
it  apart  from  other  initiatives  in  SITI.  To 
keep  employees  thinking  about  Trust 
Domain,  which  was  essential  for  the  pro¬ 
ject’s  success,  the  team  saturated  SITI  with 
Trusty  paraphernalia.  All  communications 
relating  to  the  project,  such  as  presentations, 
e-mails  and  memos,  bore  the  porcupine’s 
semblance,  and  Dillard  set  up  an  e-mail 
address  for  Trusty  so  that  employees  could 
e-mail  concerns  or  questions  about  the  proj¬ 
ect.  Some  people  hated  the  mascot,  she 
admits,  but  Trusty  got  people  talking. 

You  Say  Yes,  I  Say  No 

Inevitably,  Dillard  and  Jones  ran  across 
pockets  of  resistance.  Some  employees  felt 


the  new  security  measures  were  too  little  too 
late.  Others  had  watched  similar  initiatives 
get  pushed  through  in  the  past  and  fail. 
Often,  the  champions  identified  naysayers 
in  their  department  to  the  change  team  and 
gave  the  team  insight  into  why  problems 
were  occurring. 

Dealing  with  reluctant  employees  meant 
that  Dillard  and  Bettis  constantly  met  with 
department  managers  and  the  naysayers 
themselves.  The  team  sat  down  with  resis¬ 
tors  and  listened  to  their  concerns,  and  then 
tried  to  address  them  by  discussing  the  goal 
of  the  security  mandate.  “If  people  felt  the 
changes  were  ineffectual,  we  acknowledged 
their  opinion  but  let  them  know  we  had  to 
start  somewhere,”  Dillard  says. 

As  a  next  step,  Dillard  got  the  resistors 
involved  in  Trust  Domain  by  encouraging 
them  to  learn  about  the  project  scope  and 
give  presentations  to  other  departments  in 
SITI.  This  helped  reluctant  employees  feel  as 
if  they  were  part  of  the  team,  and  it  showed 
other  employees  that  if  this  person  could  sup¬ 
port  the  project  anyone  could,  says  Dillard. 

Secure  the  Hatches 

When  July  1  came,  SITI  passed  the  man¬ 
dated  independent  audit  of  the  new  security 
measures.  The  audit  represented  the  first  real 
test  to  find  out  whether  the  Trust  Domain 
project  had  succeeded.  SITI  was  one  of  the 
only  Shell  business  units  to  pass  the  audit. 
And  although  SITI  had  completed  the  proj¬ 
ect,  so  many  of  the  other  Shell  companies 
failed  that  the  Royal  Dutch/Shell  Group  was 
forced  to  push  back  the  deadline  to  Oct.  1 
for  implementing  Trust  Domain.  For  Jones 
and  Dillard,  the  real  success  lay  in  watching 
the  change  come  and  go  without  fanfare  and 
without  disrupting  office  life. 

“Planning  a  change  is  like  a  three-legged 
stool,”  Jones  says.  “The  legs  are  technology, 
process  and  people.  To  be  successful,  you 
need  to  have  all  three  and  have  them  appro¬ 
priately  balanced.  By  the  time  the  change 
came,  everyone  was  prepared.”  BE! 


Staff  Writer  Simone  Kaplan  wants  to  hear  your 
change  management  stories  at  skaplan@cio.com. 


“Planning  a  change  is  like  a  three-legged  stool. 
The  legs  are  technology,  process  and  people. 
To  be  successful,  you  need  to  have  all  three 
and  have  them  appropriately  balanced.” 


www.cio.com  •  MARCH  15,  2002  CIO  99 


Tech-savvy  schools  like  to  sha 

but  only  if  yo 


Conexant  CIO 
Ashwin  Rangan 


Stanford  University’s 
Director  of  Technology 
Licensing  Katharine  Ku 


Unisys  CIO 
John  Carrow 


Advanced  Technology  Development 


ech-hunting  CIOs  should  consider  going  back 

to  school — not  for  extra  credits,  but  for  the  tools  to  make  their 
lives  easier.  Hundreds  of  colleges  and  universities  offer  access  to 
research  through  their  Offices  of  Technology  Licensing  (OTLs). 
The  University  of  California  at  Berkeley’s  OTL,  for  example,  read¬ 
ily  hawks  The  Pseudoflow  Algorithm,  a  software  component  that  promises  to  boost 
cross-supply  chain  query  speeds  anywhere  from  25  percent  to  a  whopping  32,500 
percent.  School  reps  will  also  tell  you  about  the  university’s  Mobile  People  Archi¬ 
tecture,  which  formats  communications  (faxes,  e-mails,  phone  calls)  to  fit  just  about 
any  device.  But  both  come  with  a  caveat:  They  might  not  work  in  the  real  world. 


University  research  has  traditionally  been 
more  about  theoretical  rather  than  applied 
science.  But  an  accelerating  rate  of  practical 
innovation  on  campus — particularly  in  IT — 
means  that  CIOs  willing  to  invest  their  time 
will  find  the  effort  worthwhile.  On  occasion, 
the  payoff  will  be  a  new  product  or  technol¬ 
ogy  suitable  for  internal  use.  But  even  if  they 
don’t  find  something  to  run  on  their  servers 
or  connect  to  their  networks,  CIOs  will 
almost  always  glean  greater  knowledge  of 
what  technology  is  coming  down  the  pike. 
And  that  information  can  be  valuable. 
Ashwin  Rangan,  CIO  of  Newport  Beach, 
Calif. -based  semiconductor  maker  Conexant, 
is  unequivocal  about  his  company’s  relation¬ 
ships  with  local  research  universities:  “It  is  a 
source  of  a  competitive  advantage.” 

Historical  Record 

uch  of  today’s  information 
technology — everything  from 
optical  fiber  to  the  Internet — 
originated  in  academic  re¬ 
search.  These  innovations  traditionally  go 
through  a  lengthy  commercialization 
process,  however,  where  companies  take 
the  concept  pioneered  at  a  university  and 
turn  it  into  a  viable  product  or  service — 
and  it  can  take  years.  But  this  situation  is 
beginning  to  change.  During  the  last 
decade  a  confluence  of  circumstances, 


including  a  decrease  in  government 
research  funding,  industry’s  increasing 
need  for  innovation  and  a  greater  percent¬ 
age  of  applied  research  in  the  universities, 
has  pushed  academic  and  commercial 
interests  closer  together. 

To  facilitate  school-business  relation¬ 
ships,  most  research  universities  have 
OTLs  and  industry  liaison  groups  tasked 
with  keeping  corporations  involved  in 
on-campus  research.  OTLs  deal  with  spe¬ 
cific  technologies,  says  Katharine  Ku, 
director  of  Stanford  University’s  OTL. 
Industry  liaison  programs,  on  the  other 
hand,  use  newsletters,  conferences  and  site 
visits  to  provide  companies  with  a  broader 
look  at  the  research  conducted  across  a 
university  and  to  give  members  a  chance 
to  rub  elbows  with  professors.  Nearly  200 
companies,  including  Ford  Motor  Co. 
and  Pfizer,  belong  to  MIT’s 
Industrial  Liaison  Program, 
for  example. 

In  the  quest  for  new  tech¬ 
nology,  companies  work 
with  schools  in  three  ways: 
directly  funding  research; 
licensing  a  research-quality 
technology  directly  from  the 
school;  and  funding  gradu¬ 
ate  students  or  professors  to 
start  their  own  companies. 


War  Fund 

he  modern  relationship  between 
research  universities  and  commer¬ 
cial  interests  dates  from  the  end  of 
World  War  II,  when  the  military 
invested  heavily  in  technical  institutions — 
MIT  and  Stanford  in  particular.  The  goal 
was  to  develop  innovative  technologies  that 
would  help  the  United  States  win  the  Cold 
War.  But  most  of  the  innovations  in  infor¬ 
mation  technology  from  the  ’60s  through 
the  ’80s  were  Defense  Advanced  Research 
Projects  Agency  (DARPA)  projects,  includ¬ 
ing  the  technologies  that  launched  Cisco, 
Silicon  Graphics  and  Sun  Microsystems. 

“Government  saw  it  as  their  responsibil¬ 
ity  to  fund  research,  especially  that  which 
might  be  relevant  to  the  military,”  says 
Thomas  Hughes,  professor  emeritus  at  the 
University  of  Pennsylvania  and  chair  of  the 
National  Research  Council’s  study  on  the 
funding  of  the  computer  revolution.  “Until 
about  1980,  the  government  was  the  major 
source  of  funds.  Slowly,  as  the  funding 
began  to  taper  off,  industry  began  to  spend 
more.” 

The  decline  in  spending  coincided  with 
the  slowdown  and  eventual  end  of  the  Cold 
War.  The  Department  of  Defense  still  spon¬ 
sors  considerable  academic  research  (the 
military  gives  about  $300  million  a  year  to 
MIT’s  off-campus  Lincoln  Labs,  for  exam¬ 
ple).  But  sources  for  the  remainder  have 
changed  significantly  during  the  past  decade. 

Corporations,  which  had  slashed  R&D 
budgets  during  the  economic  slump  of  the 
’80s,  returned  to  the  univer¬ 
sity  fold  en  masse,  partly 
owing  to  the  tech  boom  of 
the  ’90s.  At  MIT,  the  per¬ 
centage  of  industry-spon¬ 
sored  on-campus  research 
has  increased  from  10  per¬ 
cent  in  the  beginning  of  the 
’90s  to  20  percent  today,  or 
about  $90  million,  says  Karl 
Koster,  the  university’s  direc¬ 
tor  of  corporate  relations. 


Reader  ROI 

►  Discover  how 
companies  use  aca¬ 
demic  connections  for 
technological  benefit 

►  Learn  how  universities 
move  research  into 
the  marketplace 

►  Find  out  how  CIOs  can 
become  involved  with 
academic  research 


www.cio.com  •  MARCH  15,  2002  CIO  101 


Advanced  Technology  Development 

Increased  corporate  involvement  has  coin¬ 
cided  with  a  trend  toward  applied  research 
meant  to  address  real-world  needs.  During  the 
Cold  War,  Hughes  says,  researchers  received 
loose  mandates  and  were  allowed  to  address 
far-reaching  theoretical  problems.  This  free 
rein  produced  many  well-known  advances  in 
computer  technology,  such  as  Unix,  worksta¬ 
tions  and  reduced  instruction  set  computing 
(see  “Academia’s  New  Economy,”  Page  104). 
Today  much  of  the  computer  science  research 
conducted  in  universities  uses  real-world  tech¬ 
nology  to  address  current  problems,  says  Steve 
Halperin,  professor  and  dean  of  the  college 
of  computer,  mathematical  and  physical  sci¬ 
ences  at  the  University  of  Maryland  (UMD)  in 
College  Park.  Such  projects  could  have  a  busi¬ 


ness  impact  as  soon  as  someone  builds  a 
commercially  scalable  version.  As  recently  as 
a  decade  ago  most  university  technology 
was  at  least  five  to  10  years  away  from 
commercialization. 

The  trend  toward  applied  research,  how¬ 
ever,  is  not  a  direct  result  of  increased  cor¬ 
porate  funding.  The  senate  passed  the 
Bayh-Dole  Act  in  1980  and  a  series  of 
amendments  in  1984  that  for  the  first  time 
granted  universities  commercial  rights  to 
technology  developed  with  any  degree  of 
federal  funding.  Patenting  innovations  and 
finding  a  company  that  could  license  and 
develop  the  technology  into  a  full-fledged 
product  emerged  as  an  important  revenue 
source,  says  Stanford’s  Ku.  And  professors, 


thus  assured  of  retaining  their  intellectual 
capital,  became  more  inclined  to  undertake 
applied  research. 

Technology  License 

The  cheapest  of  the  ways  to  actively 
benefit  from  university  research  is 
to  license  a  promising  technology 
and  make  it  commercially  viable. 
This  approach,  however,  also  takes  the  most 
internal  effort,  since  a  license  is  simply  per¬ 
mission  to  use  or  commercialize  a  research- 
grade  application  and  usually  requires  signif¬ 
icant  reengineering  to  make  it  enterprise¬ 
worthy.  Conexant  works  with  several  uni¬ 
versities,  funds  a  wireless  project  at  the 
University  of  California  at  San  Diego  and 
founded  a  student  internship  program  with 
Kyungpook  National  University  in  Korea, 
among  other  things.  In  late  2000,  says  CIO 
Rangan,  Conexant  took  a  research-grade 
project-tracking  concept  and  rudimentary 
application  from  University  of  California 
Irvine,  which  is  just  across  the  street  from 
company  headquarters. 

The  application  went  well  beyond  tra¬ 
ditional  project  metrics  like  design  and 
testing  to  include  ongoing  ROI  calcula¬ 
tions.  But  the  software  was  far  from 
business-ready.  Rangan  has  five  employees 
working  on  the  project,  which  at  this  point 
doesn’t  have  a  definitive  end  date. 

Making  the  application  enterprise-ready 
has  taken  longer  than  Rangan  expected, 
but  he  says  that  directly  licensing  a  tech¬ 
nology  for  internal  use  is  a  strategy  he 
would  pursue  again  if  he  found  another 
technology  that  was  production-worthy.  In 
this  case,  the  potential  benefit  from  the  sys¬ 
tem  (not  to  mention  the  negligible  mone¬ 
tary  investment)  made  it  worthwhile. 


Fund  Hunt 


Providing  the  students  or  professors 
who  developed  a  technology  with 
funding  to  turn  their  research  into  a 
product  is  more  expensive,  but  it 
requires  less  hands-on  work.  “Everybody 
thinks  we’re  looking  for  the  next  new  gadget 
to  put  in  a  car,”  says  Chris  Johnson,  venture 


102  CIO  MARCH  15,  2002  •  www.cio.com 


PHOTO  BY  ROBERT  DOWNS 


% 


AND  YOU  THOUGHT  ALL  WE 
MAKE  IN  MICHIGAN  IS  CARS. 


We  also  help  make  medical  breakthroughs  happen. 
Breakthroughs  like  Lipitor,  which  is  now  the  most 
prescribed  drug  in  the  US. 

And  that's  just  part  of  our  biotechnology  story.  Michigan 
is  home  to  more  than  300  life  science  companies  -  like 
Pfizer,  the  creator  of  Lipitor.  Michigan's  life  science 
industry  ranks  in  the  top  ten  in  the  nation  for  the 
number  of  companies  and  sales. 

The  story  continues  with  Michigan's  recent  $1  billion 
investment  in  the  development  of  a  Life 
Science  Corridor. 


This  concentration  of  research  and  development 
facilities,  our  world-class  universities  and  rapidly 
growing  venture  capital  community,  makes  Michigan 
a  great  place  to  turn  your  biotech  ideas  into 
successful  businesses. 

Maybe  one  as  popular,  as  effective  and  as 
life-changing  as  Lipitor. 

Surprised?  Don't  be.  We're  not  just  the  proud  home  of 
America's  auto  innovators,  we're  now  groundbreakers 
of  America's  new  biotechnology  industry. 


www.michigan.org 


For  the  full  story,  call  1.800.946.6829  or  visit 
www.michigan.org. 


ECONOMIC 

DEVLLOPMtNl 

COHFOKAIION 


Advanced  Technology  Development 


fund  manager  with  Ford  in  Dearborn,  Mich. 
“[But]  in  the  time  I  have  been  here  we  have 
done  nothing  for  new  vehicle  technology.  It’s 
been  entirely  manufacturing  applications 
and  enterprise  applications.” 

The  automotive  giant  is  a  longtime  mem¬ 
ber  of  MIT’s  Industrial  Liaison  Program,  and 
in  June  2000  that  foot  in  the  door  proved 
useful.  Assistant  Professor  Matt  Wall  had 
developed  a  design-sharing  technology  that 
would  work  across  CAD  systems  and  allow 
companies  to  share  only  parts  of  a  file.  Now, 
with  supply  chain-wide  collaboration  com¬ 
ing  closer  to  reality,  Wall’s  technology  pro¬ 
vided  an  opportunity  for  supply  chain  part¬ 
ners  to  team  up  while  protecting  their  intel¬ 
lectual  assets. 

Ford  decided  to  give  Wall  and  his  partners 
the  funding  he  needed  to  develop  a  startup, 
Oculus  Technologies,  which  would  in  turn 
sell  the  software  to  Ford.  The  software  that 
came  out  of  the  university  was  rough,  says 
Johnson.  Ford  did  not  want  to  license  the 
software  and  turn  it  into  something  commer¬ 
cially  viable  itself — it  would  have  cost  too 
much  money — but  wanted  to  make  sure  that 
the  product  was  developed  with  the  automo¬ 
tive  industry  as  a  priority.  Ford  estimates  that 
it  will  save  $5  million  to  $15  million  per  vehi¬ 
cle  design  program  through  improved  effi¬ 
ciency  as  a  result  of  using  Oculus’s  system. 
“The  technology  might  be  two  years  out,  but 
if  we  can  get  them  an  inside  track  we  might 
be  the  first  market  they  target,”  says  Johnson. 
“It  has  the  potential  to  save  millions  of  dol¬ 
lars  for  Ford,  so  the  potential  to  save  millions 
of  dollars  two  years  earlier  is  important.” 

A  Word  from  the  Sponsors 

Fujitsu,  the  Japanese  software  giant, 
combined  the  two  approaches,  both 
sponsoring  research  and  working 
directly  with  the  academics.  This  is 
a  costly  venture  for  Fujitsu  but  one  with  a 
high  return. 

During  the  past  few  years,  the  University 
of  Maryland  had  made  a  concerted  effort  to 
align  itself  more  closely  with  industry.  “My 
belief  is  that  the  science  colleges  that  will 
succeed  in  this  century  are  those  that  learn 


Stanford  Director 
of  Technology 
Licensing 
Katharine  Ku: 
Patents  and 
product 
development 
have  become  key 
funding  sources. 


ai—w * 


m»r" 


Academia’s  New  Economy 

THOMAS  HUGHES,  professor  emeritus  at  the  University  of  Pennsylvania  and  chair 
of  the  National  Research  Council’s  study  on  the  funding  of  the  computer  revolution, 
is  afraid  that  the  influx  of  corporate  dollars  and  the  trend  toward  applied  research  will 
prevent  the  monumental  breakthroughs  that  characterized  the  computer  revolution. 

“It  is  extremely  important  that  universities  have  freedom  to  choose  what  projects  to 
pursue  and  are  not  tied  down  to  work  on  product-line  improvements,”  he  says.  “But 
I’m  afraid  that’s  not  the  way  a  company  would  look  at  it.” 

In  private  conversation,  university  heads  complain  about  the  constraints  industry 
funding  places  on  the  school  and  that  corporate  dollars  compromise  academia’s 
ability  to  find  the  next  big  breakthrough.  “I  see  this  as  a  problem,  a  serious  problem,” 
says  Hughes.  “Industry  should  look  for  talented  researchers  and  have  faith.” 

Unfortunately,  as  Hughes  accepts,  that  probably  won’t  happen.  DARPA’s  (Depart¬ 
ment  of  Defense’s  Advanced  Research  Projects  Agency)  budget  is  staying  right  around 
$2  billion  for  the  foreseeable  future,  and  the  struggling  economy  forces  industry  to  show 
a  return  for  their  buck.  And  the  surest  way  to  do  that  is  with  applied  research.  -B.W. 


04  CIO  MARCH  15,  2002  •  www.cio.com 


PHOTO  BY  VOLDI  TANNER 


^  KUDCERa 


company 


brings  affordable  color 
to  the  workplace  . . . 


Color  is  essential  to  today’s  business  documents.  One  company  has  met 
the  demand  with  digital  copiers  and  printers  that  produce  both  color 
and  black  &  white  documents  quickly  and  efficiently.  Introducing  the 
KM-C830  Color  Copier  and  the  FS-8000C  Color  Printer  from 
Kyocera  Mita.  Now  you  can  produce  professional  looking,  finished 
color  and  black  &  white  documents  in-house  at  an  extremely  low  cost 
per  page.  One  company  can  lead  you  to 
the  forefront  of  business  communication. 

One  company.  Kyocera  Mita. 


Call  1-800-222-6482  for  the 
name  of  the  Kyocera  Mita 
dealer  near  you. 


Visit  www.kyoceramita.com/cio 
and  enter  to  win  a  free 
laser  printer 


KM-C830 


FS-8000C 


^KyocERa 

mita 


Where  Documents  Are  Going 

KYOCERA  MITA  is  KYOCERA'S  document  solutions  brand 

KYOCERA  MITA  CORPORATION  www.kyoceramrta.com 
KYOCERA  MITA  AMERICA  www.kyoceramrta.com 


©2002  KYOCERA  CORPORATION  AND  KYOCERA  MITA  CORPORATION 


Advanced  Technology  Development 


Unisys  CIO  John  Carrow  says  the 
biggest  advantages  of  university 
contact  come  from  hiring 
students  and  tech  trend  watching. 


Agrawala  hopes  to  pilot  his  software 
soon  at  one  of  the  Smithsonian  museums, 
where  visitors  will  be  able  to  use  rented 
Compaq  iPaqs  to  create  their  own  gallery 
schedule  agenda,  make  lunch  reservations 
and  purchase  stuffed  Spirit  of  St.  Louis  toy 
airplanes  from  the  gift  shop.  The  software 
allows  devices  to  recommend  exhibits 
based  on  user  preferences  and  can  even 
take  advantage  of  location  information  to 
tell  users  when  and  in  what  direction  they 
need  to  move  in  order  to  meet  their  friend 
for  lunch. 

Jonathan  Agre,  a  director  at  Fujitsu 
Laboratories  of  America  in  College  Park, 
says  that  before  working  with  UMD,  Fujitsu 
didn’t  have  location  technology.  Now  they 
have  demonstration  systems  and  are  working 
on  research  papers.  Agre  thinks  that  Fujitsu 
could  have  location-based  software  on  the 
market  within  two  years. 

Fringe  Benefits 

John  Carrow,  CIO  of  Blue  Bell,  Pa.- 
based  software  integrator  Unisys, 
says  that  the  need  for  a  solid  rela¬ 
tionship  with  universities  has  never 
been  stronger.  “[But]  from  a  CIO’s  perspec¬ 
tive,  we  are  not  looking  five  years  out  for 
technology,”  he  says.  “We  want  to  imple¬ 
ment  things  that  are  up  to  speed.  I  don’t 
think  many  CIOs  are  in  the  R&D  game. 
We  want  to  help  the  business  today.” 
Although  Unisys  has  worked  with 
Villanova  University,  Drexel  University,  the 
University  of  Pennsylvania  and  Rutgers 
University  on  different  projects,  Carrow 
says  that  the  biggest  benefits  are  having  an 
advantage  when  it  comes  to  hiring  former 
students  and  generally  staying  educated  on 
emerging  technology. 

“CIOs  are  always  interested  in  what  is 
coming  down  the  pike,”  he  says.  “And  so 
knowing  what  is  happening  by  staying  close 
to  university  research  helps  you  keep  your 
company  on  the  leading  edge.”  HT3 


Have  you  teamed  up  with  a  local  university  or 
college?  Let  Staff  Writer  Ben  Worthen  know  at 
bworthen@cio.  com . 


to  interact  with  a  nonacademic  world,”  says 
UMD’s  Halperin.  “It  is  important  for  gen¬ 
erating  an  inflow  of  new  questions  and 
ideas,  and  providing  a  link  between  our 
undergrad  and  graduate  students  and  the 
outside  world  where  most  will  find 
careers.”  Halperin’s  effort  to  attract  busi¬ 
nesses  paid  off  in  April  when  Fujitsu  funded 
Professor  Ashok  Agrawala’s  Mindlab  and 
occupied  its  own  research  facility  literally 
next  door. 

Agrawala,  whose  previous  research 
includes  such  projects  as  a  real-time  operat¬ 
ing  system  that  ran  on  any  computer  with  a 
Pentium  chip,  started  a  dialogue  with  Fujitsu 
about  sponsoring  his  current  research, 
including  wireless  networking,  in  September 


cio.com _ 

For  more  on  GOVERNMENT 
FUNDING  OF  BASIC  RESEARCH, 

check  out  “You  Get  What  You  Pay  For” 
at  www.cio.com/printlinks. 


2000.  (At  the  time  he  was  also  speaking  with 
Cisco.)  The  Mindlab  research — software  for 
wireless  devices  that  combines  multiple  per¬ 
sonalized  services  with  location-sensitive 
information — was  much  more  practical 
than  his  previous  efforts.  It  was  also  in  line 
with  markets  that  Fujitsu  hoped  to  pursue. 
“Basically  what  we  wanted  to  do  fit  in  well 
with  what  they  wanted,”  he  says.  “There 
was  very  little  tailoring  [required].” 


106  CIO  MARCH  15,  2002  •  www.cio.com 


PHOTO  BY  DAVID  FIELDS 


THE  COMPAQ  ADAPTIVE  INFRASTRUCTURE  IS  ABOUT  TO  CHANGE  EVERYTHING. 

Technology  has  automated  just  about  everything  these  days.  But  curiously,  the  corporate  data  center  has  lagged 
behind.  There,  highly  skilled  people  still  spend  inordinate  amounts  of  time  doing  things  like  manual  fault  searches  and 
mindlessly  repetitive  server  management  tasks.  It's  more  than  ironic.  It’s  enormously  counterproductive.  Because  every 
initiative  a  corporation  undertakes- — whether  it’s  in  operations,  marketing,  accounting  or  HR — goes  through  the  data  center. 

But  the  new  Compaq  Adaptive  Infrastructure  will  take  your  critical  initiatives  farther  and  faster  than  ever  before.  Its 
next-generation  ProLiant™  BL  server  blade  technology  features  innovative  architecture  that  conserves  space  and  resources 
by  multiplying  performance  per  square  foot  of  data  center.  And  ProLiant  Essentials  Software  management  tools  that  offer 
levels  of  control  scaled  to  your  needs  so  you  can  rapidly  adapt  to  change,  remotely  deploying  new  technology — and 
redeploying  existing  technology — in  the  time  it  takes  to  click  on  a  mouse. 

It’s  a  technological  advance  with  enormous  implications  for  business.  And  Compaq  Global  Services  can  provide  the  expert, 
responsive  support  to  help  you  make  it  happen.  Find  out  more  by  calling  your  Compaq  Account  Representative  or  reseller; 
or  dial  1-800-AT  COMPAQ,  press  option  5  and  mention  priority  code  SCK,  or  log  on  to  compaq.com/adapt3 

[Log  on:  compaq.com/adapt3 
Or  call:  1-800-AT-COMPAQ 

©2002  Compaq  Computer  Corporation.  Compaq,  the  Compaq  logo  and  ProLiant  are  registered  in  the  U.S.  Patent  and  Trademark  Office. 


COMPAQ. 

Inspiration  Technology 


Inside 

Companies 
to  Watch 

Red-M: 

cutting  wires  . ...  112 

Under 

Development 

Quantum 

entanglement  . ...  114 

Revisit 

Computer-aided 
visualization . 116 

Predictions 

Ethernet’s 

last  mile  . 116 


Road  Map  to  3G 

Wireless  data  will  get  a  boost  in  2002 — but  bow  much  of  one  depends 
on  whom  you  ask  by  danielle  dunne 


Edited  by  Christopher 
Lindquist.  Send  your 
thoughts  and  ideas 
for  future  columns  to 
clindquist@cio.com. 


THIS  YEAR,  it  looks  like  there  will  be  a  little  high¬ 
speed  wireless  reality  to  go  along  with  the  hype. 
U.S.  providers  are  finally  beginning  to  roll  out 
high-bandwidth  wireless  services,  including  e-mail 
with  attachments,  instant  messaging  and  always- 
on  data  connections.  And  CIOs  should  be  able 


to  take  advantage  of  these  tools — once  they  sift 
through  the  marketing  jargon. 

The  wireless  industry  categorizes  its  technolo¬ 
gies  by  stages  of  development.  Analog  networks 
(the  first  generation,  or  1G)  started  the  revolu¬ 
tion.  Digital  wireless  became  2G.  High-speed 


Wireless. ..Star  Trek  tech. ..Computer  visualization. ..Ethernet’s  future 


108  CIO  MARCH  15,  2002  •  www.cio.com 


ILLUSTRATION  BY  BRIAN  RASZKA 


Reporting,  Analysis  and  Information  Delivery 


1 


I  Reporting  I  Analysis  I  Information  Delivery 


MicroStrategy  was  chosen  as 
PC  Magazine  Editors'  Choice, 
August  2001 


From  to 


with  MicroStrategy 


i  know 


Ife*  St  " 


Now  talk  to  me 
about  how  it 

benefits 

my  business." 


mm 


MicraSfrcrfegy 

Best  In  Business  Intelligence-*^ m 


See  for 
yourself. 


Order  a  FREE  fully-functional 
Eval  CD  today 

www.microstrategy.com/cio 
Call  1-866-866-MSTR  (6787) 


•  Empower  your  users  by  letting 
them  create  their  own  reports 
in  real  time 


•  Get  information  to  the  people 
who  need  it  most 


•  Powerful  and  accessible 
analysis  for  all  users 


•  Insight  for  every  industry 
and  function 


•  Get  answers  to  critical  questions 
for  smarter  business  decisions 


•  Anywhere,  anytime  via  web, 
email.  Excel™,  and  wireless 


iki 


MAGAZINE 

EDITORS’ 

CHOICE 


- 1  Emerging 

data  combined  with  advanced  voice  ca¬ 
pacity  is  the  third  generation  (3G).  Back  in 
the  late  1990s,  when  it  became  clear  that 
3G  network  speeds  were  still  years  away, 
an  interim  stage  called  2.5G  emerged. 

This  half  step  to  3G  will  happen  this  year, 
and  many  CIOs  think  that  it  will  be  suffi¬ 
cient — at  least  for  the  time  being. 

Nancy  Bryant,  CIO  of  1st  City  Savings 
Federal  Credit  Union  in  Glendale,  Calif., 
says  that  she  is  going  to  upgrade  when  the 
networks  get  faster.  Bryant  uses  Sprint 
PCS’s  2G  wireless  modems  for  backup 
support  and  out-of-the-office  business, 
but  faster  would  be  better,  she  admits. 

“We  will  probably  go  even  faster  than 

Wireless  Glossary 

1XRTT:  lx  radio  transmission  technology  is  the  next  step  on  the  CDMA2000  path  to  faster 
wireless  networks.  This  year  Sprint  PCS  and  Verizon  Wireless  plan  to  introduce  the  first 
phase  of  lx  networks  that  are  capable  of  transferring  data  at  average  speeds  between 
60Kbps  and  80Kbps,  according  to  Sprint  PCS. 

1XEV-DV:  lx  evolution-data  and  voice  is  the  third  step  on  the  CDMA2000  path.  When  it 
becomes  available  (not  until  at  least  2003)  it  will  increase  both  voice  and  data  capacity 
on  the  supported  networks.  Sprint  PCS,  which  says  it  will  introduce  lxEV-DV  in  2004, 
claims  the  technology  will  transfer  data  at  rates  between  3Mbps  and  5Mbps. 

CDMA:  code  division  multiple  access  technologies  allocate  bandwidth  for  users  of  digital 
wireless  devices.  CDMA  uses  codes  to  differentiate  among  multiple  transmissions  carried 
simultaneously  on  a  single  radio  frequency  band. 

CDMA2000:  encompasses  all  the  stages  of  lx  technologies.  It  is  considered  a  3G  technol¬ 
ogy  that  increases  voice  and  data  capacity  and  could  theoretically  provide  data  speeds  up 
to  5Mbps.  CDMA2000  3G  technologies  compete  with  W-CDMA  technologies. 

EDGE:  enhanced  data  rates  for  global  evolution  is  a  step  up  from  GPRS  on  the  W-CDMA 
path  to  3G  technologies.  EDGE  is  supposed  to  transfer  data  at  speeds  up  to  384Kbps,  but 
average  performance  may  be  slower. 

GPRS:  general  packet  radio  service  is  a  technology  that  sends  packets  of  data  across  a 
wireless  network  at  theoretical  speeds  up  to  114Kbps.  It  is  a  step  up  from  the  older  circuit- 
switched  method  as  users  do  not  have  to  dial  in  to  networks  to  download  information. 
GPRS  is  the  next  step  for  GSM  networks  on  the  W-CDMA  path. 

GSM:  global  system  for  mobile  communications  is  a  standard  for  coding  and  transferring 
data  through  the  wireless  spectrum.  It  is  the  predominant  standard  in  Europe  and  Asia  and 
is  an  alternative  to  CDMA.  GSM  digitizes  and  compresses  data  and  sends  it  down  a  channel 
with  two  other  streams  of  user  data.  The  standard  is  based  on  time  division  multiple  access. 

TDMA:  time  division  multiple  access  lets  large  numbers  of  users  access  one  radio  fre¬ 
quency.  TDMA  breaks  down  data  transmission,  such  as  a  phone  conversation,  into  fragments 
and  transmits  each  fragment  in  a  short  burst,  assigning  each  fragment  a  time  slot. 

W-CDMA:  wideband  CDMA  is  a  3G  wireless  technology  that  allows  for  high-speed,  high- 
quality  data  transmission  at  speeds  of  around  2Mbps.  Derived  from  CDMA,  W-CDMA 
digitizes  and  transmits  wireless  data  over  a  broad  range  of  frequencies.  It  requires  more 
bandwidth  than  CDMA  but  offers  faster  transmission  because  it  optimizes  the  use  of  multiple 
wireless  signals  (unlike  CDMA’s  one  signal).  W-CDMA  competes  with  CDMA2000. 


2.5G  speeds;  if  I  could  do  it  all  wirelessly, 
I  would,”  says  Bryant. 

Faster,  Faster 

Each  wireless  generational  advance  in¬ 
cludes  an  increase  in  data  speeds.  Second- 
generation  networks  in  general  are  slow, 
with  data  speeds  similar  to  or  less  than  a 
14Kbps  modem.  Another  2G  drawback 
is  that  the  data  connections  are  circuit 
switched — meaning  users  must  initiate 
every  connection.  Both  these  issues,  how¬ 
ever,  are  partially  solved  by  2.5G  networks. 
They  use  packet-switched  networks,  with 
an  always-on  data  connection.  And  data 
also  travels  faster  than  on  2G  networks, 


Technology  | - 

with  speeds  similar  to  a  56Kbps  modem. 
The  Holy  Grail  of  wireless — 3G — ups  the 
performance  even  further,  purportedly 
achieving  speeds  as  high  as  384Kbps — fast 
enough  to  make  multimedia  features  such 
as  streaming  video  a  possibility. 

In  the  United  States,  the  current  stage 
is  described  as  2G  moving  toward  2.5G. 
(Europe  and  parts  of  Asia  have  an  edge  on 
the  United  States,  with  Europe  well  along 
2.5G  and  Japan  at  or  near  3G.)  Most 
major  wireless  carriers  say  they  are  com¬ 
mitted  to  building  networks  by  the  end  of 
the  year  that  can  transfer  data  at  average 
speeds  between  40Kbps  and  80Kbps.  But 
just  because  the  networks  are  capable  of 
moving  data  at  those  rates  does  not  mean 
users  will  always  experience  them  (just  as 
having  “nationwide  coverage”  from  your 
mobile  voice  carrier  doesn’t  mean  you’ll 
always  be  able  to  make  a  connection). 

And  the  faster  speeds  don’t  necessarily 
change  the  basic  uses  for  wireless  devices. 
With  2.5G,  users  won’t  be  watching  The 
Matrix  on  a  PDA.  But  checking  e-mail — 
and  even  opening  attachments — which 
can  be  ridiculously  time-consuming  tasks 
on  2G  networks,  should  become  feasible. 
Downloading  audio  files  and  digital 
images  may  even  be  reasonable  goals. 

Two  Ways  to  3G 

The  simple  generational  names  for  wireless 
technology  mask  an  ocean  of  complexity 
behind  the  scenes.  For  instance,  when  peo¬ 
ple  talk  about  3G  they  may  be  referring  to 
either  CDMA2000  or  wideband  CDMA 
(W-CDMA),  both  of  which  are  compet¬ 
ing  technologies.  (See  “Wireless  Glossary,” 
this  page,  for  a  description  of  CDMA). 

Both  technologies  describe  different 
routes  to  full  3G  capabilities.  The 
CDMA2000  road  to  3G  includes  a  stop  at 
lx  or  lxRTT  (radio  transmission  technol¬ 
ogy),  which  promises  average  data  speeds 
of  60Kbps  to  80Kbps  (at  least  according 
to  Sprint  PCS).  Both  Sprint  PCS  and 
Verizon  Wireless  say  they  plan  to  intro¬ 
duce  their  first  lx  networks  this  year. 

Here’s  where  some  confusion  comes 


IS  YOUR  BOSS 


YOU  NEED  TO  GET  SMART  FAST 


How  can  you  clearly  demonstrate  the  business  value  of 
your  information  technology  projects?  And  what  things 
should  you  measure  to  demonstrate  that  value?  Turn  to  the 
CIO  FOCUS™  on  I.T.  VALUE:  MEASUREMENT  TOOLS  AND 
TECHNIQUES  THAT  WORK  —actionable  information  created, 
filtered  and  packaged  by  the  award-winning  editors  of 
CIO  magazine. 

CIO  FOCUS™  is  delivered  right  to  your  desktop  giving  you 
immediate  access  to  the  information  you  need.  And  for  your 
future  reference  needs,  the  electronic  file  is  followed  by  a 
packaged  version,  shipped  within  72  hours.  Available  now  at 
an  introductory  price. 

FOCUS™ 

STRATEGIC  GUIDES  FOR  EXECUTIVE  DECISION  MAKING 


CIO  FOCUS™ 

TOPICS  AVAILABLE: 

Fundamentals  of  the  CIO  Role 

How  to  Retain  IT  Staff  in 
Boom  Times  and  Bad 

IT  Security  Breach:  How  to 
React,  Recover  and  Seek 
Recourse 

Security  ASAP:  How  to  Be 
As  Safe  As  Possible 


FOR  EXECUTIVE  DECISION  SUPPORT  TOOLS,  VISIT  THE  CIO  STORE-THE  CIO’S  KNOWLEDGE  MARKETPLACE 

www.theCIOstore.com 


■j  Emerging  Technology  \ 


in:  The  International  Telecommunications 
Union  (ITU)  approved  calling  the  first 
phase  of  lx  a  3G  technology,  and  carriers 
are  marketing  it  as  such,  but  some  analysts 
remain  reluctant  to  call  it  true  3G.  Average 
speeds  for  the  first  phase  of  lx  are  closer 
to  speeds  characteristic  of  2.5G  networks. 
Phase  two  of  lx  is  the  next  step  for 
CDMA2000  networks,  which  promises 
speeds  up  to  288Kbps — performance  more 
in  keeping  with  the  3G  promise. 

Meanwhile,  the  next  phase  of  the  W- 
CDMA  path — the  direction  taken  by 
AT&T  Wireless,  Cingular  Wireless  and 
VoiceStream — is  general  packet  radio 
service  (GPRS),  but  getting  people  to  agree 
on  GPRS  data  rates  is  difficult.  The  range 
for  average  data  speeds  wavers  between 
20Kbps  (according  to  analysts)  and 
60Kbps  (if  you  talk  to  the  service  pro¬ 
viders).  After  GPRS  comes  enhanced  data 
rates  for  global  evolution  (EDGE),  which 
promises  data  speeds  as  high  as  384Kbps, 
but  average  speeds  may  be  slower. 

How  much  slower  these  technologies 
are  in  the  real  world  remains  to  be  seen. 
The  speeds  that  wireless  data  users  actu¬ 
ally  experience  are  often  significantly 


Bakhshi,  a  research  manager  for  3G 
wireless  infrastructure  at  Framingham, 
Mass. -based  IDC  (a  sister  company  to 
C/O’s  publisher,  CXO  Media).  While 
Bakhshi  understands  that  lx  and  EDGE 
have  been  called  3G  by  the  ITU,  it  was  on 
the  grounds  of  theoretical  speeds  of 
384Kbps — and  users  shouldn’t  expect  that 
kind  of  performance  in  real  settings. 

Other  Wireless  Ways 

Then  there’s  a  technology  that  doesn’t  fall 
neatly  onto  one  route  to  3G.  Nextel’s  pro¬ 
prietary  voice  and  data  network,  iDen, 
offers  data  speeds  around  15Kbps  to 
1 6Kbps,  and  with  compression  technolo¬ 
gies  available  this  spring  the  speed  could 
increase  to  between  40Kbps  and  100Kbps, 
according  to  Nextel. 

While  the  technologies  certainly  vary, 
for  practical  purposes  the  differences  are 
all  about  speed  and  coverage.  It’s  difficult 
to  find  concrete  answers  about  speed,  and 
coverage  will  vary  according  to  each  car¬ 
rier’s  network.  The  entire  Sprint  PCS  net¬ 
work,  for  instance,  will  upgrade  to  lx  at 
the  same  time  halfway  through  this  year, 
and  the  whole  VoiceStream  network  is 


The  simple  generational  names  for 
wireless  technology  mask  an  ocean 
of  complexity  behind  the  scenes. 


lower  than  the  theoretical  maximums. 
Actual  performance  depends  on  a  num¬ 
ber  of  factors,  including  a  user’s  location 
and  how  many  other  people  are  on  the 
network  at  the  same  time. 

The  achievable  speeds  for  lx  and 
EDGE,  for  instance,  are  much  lower  than 
their  theoretical  speeds,  says  Shiv  K. 

cio.com _ 

For  more  information,  check  out 

our  WIRELESS  COMMUNICATIONS 
RESEARCH  CENTER  at 

www.cio.com/communications. 


already  at  GPRS.  Other  carriers  are  mov¬ 
ing  market  by  market  and  making  ad¬ 
vanced  services  available  in  some  areas 
they  cover  but  not  in  others,  which  could 
be  an  issue  for  CIOs  looking  to  implement 
nationwide  wireless  data  services.  (AT&T 
and  Cingular  say  they  plan  to  have  na¬ 
tional  coverage  by  the  end  of  2002,  with 
Verizon  claiming  it  will  achieve  almost 
complete  coverage  in  the  same  time  frame.) 

The  endgame,  true  3G  in  the  form  of 
either  W-CDMA  or  lx  evolution-data  and 
voice  (lxEV-DV) — the  CDMA2000  tech¬ 
nology — is  still  a  few  years  away.  In  the 
meantime,  CIOs  who  are  already  using 


Companies 
to  Watch 


Red-M 

BLUETOOTH,  the  wireless  “cable 
replacement"  technology,  has  a 
foothold  overseas,  but  it  still  faces 
an  uphill  battle  in  the  United 
States.  That  hasn’t  stopped  Red-M, 
a  Bluetooth  networking  vendor 
based  in  Wexham,  England,  from 
giving  the  market  a  try. 

The  company  builds  a  variety  of 
Bluetooth-related  products,  includ¬ 
ing  access  servers,  which  manage 
a  Bluetooth  wireless  network;  ac¬ 
cess  points  that  connect  enabled 
devices  to  each  other  or  to  an 
existing  network;  and  the  Blade, 
which  adds  Bluetooth  to  Hand¬ 
spring  and  Palm  Vx  PDAs. 

Bluetooth  has  yet  to  make  sig¬ 
nificant  gains  in  the  United  States, 
where  802.11b  wireless  has  be¬ 
come  the  hot  technology,  but 
Red-M  still  has  hopes  for  its  suc¬ 
cess.  Bluetooth  offers  networking  at 
much  lower  power  levels,  making  it 
ideal  for  smaller  devices  such  as 
PDAs  and  cell  phones.  The  com¬ 
pany  also  offers  a  suite  of  “wire- 
lessware”  products,  collectively 
called  Genos,  that  let  companies 
implement  and  manage  multipro¬ 
tocol  wireless  networks  (including 
Bluetooth  and  802.11b).  Using 
Genos,  companies  can  control  user 
access,  establish  quality-of-service 
guidelines,  set  policies  on  what 
devices  receive  which  content,  and 
allow  users  to  roam  among  various 
wireless  networks  seamlessly. 

For  more  information,  visit 
www.red-m.com. 

-Christopher  Lindquist 


Leadership  &  Innovation  for 
the  Future  of  the 
Integrated  Enterprise 

To  get  the  most  out  of  the  IT  investments  you’ve  made  in  the  past,  you’ll 
have  to  integrate  them  in  the  future.  In  a  customer-focused,  e-business 
world,  you’ve  got  to  be  able  to  move  and  use  data  from  any  point  in  the 
value  chain  at  any  time.  Your  applications  must  work  together  and 
share  information  freely.  You’ll  need  both  technological  and  procedur¬ 
al  integration.  This  will  require  both  leadership  and  innovation. 

Please  join  us  at  the  Fourth  Annual  CIO  100  Symposium ®  &  Awards. 

■  Learn  how  this  year’s  CIO  100  Award  Winners  and  other  IT 
executives  have  structured  and  designed  their  integrated  enterprises 

■  Find  out  which  technology  innovations  will  transform  the  way 
business  gets  done 

■  Take  away  great  ideas  for  leading  your  own  business  into  an 
integrated  future 

To  enroll,  CALL  800  355-0246  or  visit  our  WEB  SITE 
at  www.cio.com/conferences. 


The  Broadmoor 

Colorado  Springs,  CO 

August  18-20, 2002 


Moderator 

Paul  Saffo 

Director  and 
Roy  Amara  Fellow 
Institute  for  the  Future 

Partners 

Acxiom  Corporation 
Day  Software,  Inc. 

EDS 

PeopleSoft,  Inc. 

Sterling  Commerce 
Wheelhouse  Corporation 


This  year's  CIO  WO 
Awards  Ceremony  is 
proudly  underwritten  by 


Emerging  Technology 


2G  wireless  data  technologies  say  the 
faster  the  better.  Analysts  think  the  next 
step,  2.5G  or  similar  services,  will  be  fast 
enough  to  satisfy  most  data  users,  unless 
they  are  trying  to  stream  video  to  their 
phone.  But  why  would  someone  want  to 
watch  a  video  on  such  a  small  screen? 

“No  one  will  tell  you  that  fast  is  too 
fast,  but  for  most  of  the  applications  we 
are  going  to  be  using  over  the  next  year,  the 
speeds  we’re  going  to  have  will  be  fine,” 
says  Ken  Hyers,  a  senior  wireless  analyst  at 

The  faster  speeds 
don’t  necessarily 
change  the 
basic  uses  for 
wireless  devices. 


UNDER  DEVELOPMENT 

Advanced  physics 


Newton,  Mass. -based  Cahners  In-Stat 
Group.  Unless  you  want  to  use  wireless 
technologies  to  stream  video,  there’s  no 
reason  to  wait  for  3G,  says  Hyers,  who 
doesn’t  think  we’ll  see  true  3G  until  2005. 

Faster  is  always  happier,  agrees  Jim 
Cogliano,  COO  of  The  Sullivan  and  Cog- 
liano  Cos.,  a  Waltham,  Mass. -based  IT 
staffing  company  that  has  50  reps  using 
Nextel’s  mobile  data  services  to  sync  up  to 
their  Outlook  accounts  via  wireless  phones. 
Cogliano  says  his  current  speed  isn’t  bad. 

There’s  still  a  lot  of  skepticism  about 
these  faster  networks  actually  materializ¬ 
ing.  Santosh  Patel,  director  of  service  oper¬ 
ations  for  North  America  at  Honeywell  in 
Morristown,  N.J.,  has  1,400  technicians 
using  a  wireless  field  service  automation 
application  on  a  combination  Cingular  2G 
network  and  Wireless  Matrix  satellite  net¬ 
work.  “Data  speeds  around  56K  will  open 
up  more  possibilities,  and  3G  will  open 
up  even  more,”  says  Patel,  “but  I’ll  believe 
it  when  I  see  it.”  ■ 


Danielle  Dunne  is  editor  of  CIO's  Wireless 
Communications  Research  Center. 


Quantum  Leap 

A  QUANTUM  physics  breakthrough  could  turn  pipe  dreams,  such  as  ultra-high-speed 
quantum  computers  and  teleportation,  into  real-world  technologies. 

Eugene  Polzik  and  his  coresearchers  at  Denmark’s  University  of  Aarhus  have 
managed  to  raise  the  mysterious  concept  of  quantum  entanglement— a  link  between 
two  or  more  particles  that  have  no  physical  contact— to  an  unprecedented  scale.  The 
team  gathered  two  clouds  of  cesium  gas,  each  containing  about  a  trillion  atoms,  into 
separate,  sealed  vessels.  They  then  shined  a  laser  through  both  clouds.  For  a  split 
second,  the  clouds  became  entangled,  and  magnetic  changes  in  one  instantly  affected 
the  other.  The  previous  entanglement  record  was  a  mere  four  atoms. 

The  development  could  lead  to  the  creation  of  computers  and  communications 
networks  that  operate  much  faster  than  anything  that’s  available  today,  says  Peter 
Handel,  a  physics  professor  at  the  University  of  Missouri  in  St.  Louis.  ‘‘Information 
encoded  in  photons  could  be  transmitted  to  places  without  sending  them  across 
space,”  he  says.  Quantum  entanglement  could  also  allow  matter  to  be  transported 
from  one  location  to  another  by  instantly  duplicating  the  properties  of  one  object  in 
another  place. 

Other  researchers,  however,  are  skeptical  about  quantum  entanglement’s  sci-fi 
aspects.  “You  can't  transfer  information  faster  than  the  speed  of  light,  that’s  an 
immutable  law  of  physics,”  warns  Randall  Hulet,  a  physics  and  astronomy  professor  at 
Rice  University  in  Houston.  Yet  Hulet  is  confident  that  quantum  science  will  eventually  be 
able  to  provide  tangible  IT  benefits.  “Quantum  mechanics’  promise  lies  in  things  like 
unbreakable  codes  and  computers  that  run  exponentially  faster  by  operating  in  multiple 
states  rather  than  step-by-step,”  he  says.  “Quantum  entanglement  is  significant,  but  it’s 
also  important  not  to  get  carried  away  by  things."  -John  Edwards 


114  CIO  MARCH  15,  2002  •  www.cio.com 


2002  Georgia  CIO  of  the  Year  Awards'  Call  for  Entries 


GIOs 

don’t  receive 


intellinet 


The  Georgia  CIO  of  the  Year  Awards  are  presented  to  Georgia-based  chief  information 
officers  who  have  shown  excellence  in  managing  their  enterprise-wide  information 
systems.  Visit  www.georgiacioawards.com  to  submit  your  online  application  and  for 
more  details.  And  get  the  recognition  you  deserve.  Entries  due  by  April  16,  2002. 


www.georgiacioawards.com 


Emerging  Technology 


REVISIT 

Visualization 


Seeing  with  Digital  Eyes 

Computer-aided  visualization  looks  to  bring  data  to  life 


BY  FRED  HAPGOOD 

MOST  DAYS  of  the  week  we  are  as  sober 
as  judges,  but  we  can  be  tempted.  In  April 
1 993  we  proved  the  point  by  eloping  with 
a  looker  by  the  name  of  visualization. 
“Soon. ..visualization  will  become  the 
foundation  for  business  planning,  intuitive 
analysis,  bilateral  decision  making  and  the 
creation  of  value,”  we  wrote.  And  not  10 
years  down  the  road  either.  “Vision’s 
time,”  we  announced,  “has  come.” 

The  promise  that  seduced  us  was  the 
potential  of  developing  striking,  memo¬ 
rable,  novel,  visual  metaphors  for  busi¬ 
ness  processes  and  using  those  metaphors 
to  make  monitoring  and  managing  those 
processes  simpler,  faster  and  more  intelli¬ 
gent.  If  that  could  happen,  managers 
would  be  able  to  push  collaboration  to 
new  levels  of  complexity,  work  with  much 
larger  volumes  of  data  and  do  intelligent 
sorting  through  huge  solution  spaces.  We 
liked  this  prospect  a  lot.  “Visualization 
tools  are  the  most  important  information 


technology  since  the  typewriter,”  we  said. 

Nine  years  later  it  seems  safe  to  say  that 
this  proposition  still  sounds  a  bit  sweep¬ 
ing.  True,  the  commodity  end  of  data  visu¬ 
alization — bars,  pie  charts,  line  graphs — 
did  get  a  lot  cheaper  and  easier,  but  pie 
charts  don’t  do  much  that  can’t  be  done 
with  text.  We  had  something  more  ambi¬ 
tious  in  mind. 

To  be  fair,  those  ambitions  have  come 
close  to  realization  in  a  number  of  special¬ 
ized  sectors,  including  cutting-edge  CAD 
programs  such  as  Graphisoft’s  ArchiCAD 
that  allow  building  visualizations  that 
architects  can  use  for  design,  marketing 
for  virtual  reality  tours,  contracting  for 
construction  scheduling,  and  finally,  when 
the  building  is  complete,  managing  assets 
and  facilities  by  tenants  and  agents. 
Farmers  routinely  build  maps  of  their 
fields  that  represent  chemical  applications 
and  crop  yields  on  a  yard-by-yard  basis. 
Mechanical  engineers  use  kinematic  visu- 


Ethernet  all  the  Way 

A  SOON-TO-BE-released  standard 
could  have  significant  ramifica¬ 
tions  for  bringing  Ethernet  to  the 
local  loop  or  “last  mile,”  according 
to  a  recent  report  by  Cahners 
In-Stat  Group. 

The  report  notes  that  a  working 
version  of  the  IEEE  802. 3ah  stan¬ 
dard,  which  looks  to  spell  out 
Ethernet  broadband  access 
topologies  for  both  fiber  and  cop¬ 
per,  should  be  in  place  by  the  end 
of  2002.  When  it  arrives,  the 
report  states,  it  should  bring  a 
number  of  advantages,  including 
network  simplicity,  reduced  infra¬ 
structure  costs,  increased  band¬ 
width  per  dollar  of  infrastructure 
and  easier  provisioning.  These 
benefits  should  make  Ethernet  an 
attractive  alternative  to  Tl,  T3, 
frame  relay,  ATM  and  Sonet  access 
technologies,  the  report  says. 

Ethernet  in  the  last  mile  faces 
bigger  hurdles  in  the  consumer 
market,  however,  where  entrenched 
cable  and  DSL  providers  may  not 
be  inclined  to  implement  the  new 
technology,  at  least  in  the  near 
term,  according  to  In-Stat.  The 
Ethernet  technologies  must  also 
work  well  over  copper  wire,  as  very 
few  residential  customers  have 
fiber  running  to  their  homes. 

For  more  information,  visit 
www.instat.com. 

-Christopher  Lindquist 


116  CIO  MARCH  15,  2002  •  www.cio.com 


What's  ait  ASP? 


daffy  domain  of 
dotcom  namers 

PAGE  110 


How  Two  Brot 


Turned  The  Fam 
On  Its  Head  PAG 


Why  today's 
hottest  three- 
letter  acronym 
should  scare  you 

PAGE  90 


Inside  the 

. 


home  again! 

Return  of 
the  prodigal 
dotcommies 

PARE  tjf« 


IDG 


Business  Evolving  in  the  Information  Age 


ere  i  s  s  u 


j  On e / j 


m 


■  ■ 


You  asked 


to  help  educate  senior  management  on  the  business  value  of  technology. 

We  heard  you.  And  we’re  pleased  to  announce  Darwin. 


Darwin  is  the  first  magazine,  written,  edited  and 
calibrated  for  business  executives.  Every  issue 
demystifies  technology  for  non-technology  executives 
and  helps  them  understand,  identify  and  support 
technology  options  to  achieve  your  organizational  goals. 

Darwin  covers  al]  the  technologies  executives  need 
to  know,  not  just  the  Internet.  From  application  software 
to  ASPs,  from  encryption  to  ERP,  hardware  to  hosting, 


VPNs  to  vendor  relations  —  everything  it  takes  to  use 
technology  to  solve  business  challenges. 


Darwin  is  FREE  to  qualified 
non-technology  executives.  Tell  your  team 
to  apply  for  a  Free  Subscription  at 

www.darwinmag.com/subscribe 


alizations  to  test  tolerances  and  clearances. 
Medical  imaging  is  a  continuing  miracle. 

However,  it  is  worth  noting  that  almost 
all  this  progress  has  taken  place  with  data 
already  possessing  a  spatial  character.  All 
visualizations  are  fundamentally  meta¬ 
phors:  Each  element  has  to  stand  for 
something.  No  matter  how  powerful  a 
visualization  might  be,  if  that  connection 
is  not  obvious  to  its  users  there  is  no  point 
to  the  product.  Pie  charts  worked  because 
people  came  to  them  already  understand¬ 
ing  the  difference  between  small  and  large 
slices  of  pie.  Spatial  data  is  inherently  obvi¬ 
ous  in  the  same  sense;  it  is  easy  to  under¬ 
stand  what  it  means  to  walk  around  inside 
a  virtual  building  because  we  have  so  much 
experience  walking  around  real  buildings. 


- - - 1  Emerging 

own  image  processing  and  then  generaliz¬ 
ing  from  that  vocabulary.  He  is  hopeful 
that  a  new  science  called  vernacular  geog¬ 
raphy,  the  study  of  geospatial  metaphors 
in  everyday  life  (as  in  such  phrases  as  “over 
the  hill,”  “around  the  bend”  or  “ain’t  no 
mountain  high  enough”)  will  uncover  the 
building  blocks  for  this  advance. 

On  the  other  hand,  Tony  Crescenzo, 
CEO  of  Illumitek,  a  visualization  com¬ 
pany  in  Herndon,  Va.,  suspects  another 
solution  might  lie  in  industrial-strength 
interactivity.  He  points  out  that  if  a  sys¬ 
tem  can  transform  complex  data  quickly 
enough,  it  doesn’t  matter  what  the  visual 
metaphor  is  (within  reason),  since  the 
interactivity  makes  it  easy  to  match  data 
with  onscreen  objects  and  therefore  makes 


Visualization  in  the  sense  of  an 
advanced  interface  makes  sense 
only  when  it  addresses  very  large 
amounts  of  data. 


For  visualization  to  be  as  important  as 
the  typewriter,  the  technology  has  to  work 
where  the  spatial  aspects  of  the  data  in 
question  are  either  irrelevant  or  do  not 
exist  at  all.  These  latter  applications  raise 
the  old  problem  of  finding  a  happy  com¬ 
promise  between  ease  of  use  and  power, 
between  finding  metaphors  that  are  both 
easy  to  learn  while  delivering  unprece¬ 
dented  levels  of  information  density. 

Some  observers  think  the  right  path  to 
visual  computing  is  finding  or  designing 
new  metaphors.  Bob  Jacobson,  CEO  of 
Modern  Visualization  based  in  Burlingame, 
Calif.,  suspects  that  inventing  better  visu¬ 
alizations  might  well  depend  on  uncovering 
the  fine  details  of  how  the  brain  does  its 

cio.com _ 

Read  Chris  Lindquist’s  TECH  TACT: 

NEW  TOOLS  FOR  NEW  JOBS, 

every  Monday  at  www.cio.com. 


that  metaphor  easy  to  learn.  Higher  inter¬ 
activity  also  makes  it  easy  to  extend  the 
power  of  familiar  metaphors. 

Visualization  in  the  sense  of  an  ad¬ 
vanced  interface,  however,  makes  sense 
only  when  it  addresses  very  large  amounts 
of  data.  (Simple,  cheap  and  familiar  rep¬ 
resentations — bar  charts,  for  example — 
exist  in  abundance  for  smaller  data  sets.) 
For  most  of  the  past  decade  the  costs  of  the 
storage  of  even  a  modest  number  of  giga¬ 
bytes  and  the  computational  resources 
required  to  manipulate  them  quickly  im¬ 
posed  a  price  level  that  was  prohibitive  for 
all  but  the  most  value-laden  applications. 

In  addition,  until  recently  data  compi¬ 
lations  often  entailed  pulling  scattered  and 
usually  incompatible  databases  together, 
adding  programming  costs  on  top  of  that. 
Crescenzo  thinks  that  only  now,  when  it 
is  practical  to  think  in  terms  of  clusters  of 
2GHz  processors  running  on  top  of  data 
warehouses  containing  tens  of  terabytes, 


Technology  | - 

is  the  environment  right  for  real  progress  in 
the  art.  (In  addition,  many  companies  now 
use  storage  networks  that  can  pool  their 
data  with  just  a  couple  of  mouse  clicks.) 

This  emphasis  on  interactivity  is  leading 
some  engineers  to  look  for  visual  meta¬ 
phors  in  the  most  highly  interactive  sector 
of  the  IT  culture — computer  games.  “In 
practice,  visualization  is  mostly  about  pre¬ 
senting  changes  in  complexity  that  vary 
with  time,”  says  Stephen  Eick,  CTO  of 
Visual  Insights,  an  e-business  performance 
company  based  in  Naperville,  Ill.  When 
his  company  started  to  design  its  products, 
the  employees  asked  themselves  what 
experiences  their  target  market  had  with 
representations  of  that  sort.  The  answer 
would  have  been  obvious  to  any  CIO, 
especially  on  Friday  night,  during  the  in- 
terdivisional  Quake  tournaments. 

Eick  suspects  that  the  right  vocabulary 
of  commercial  visualization  will  be  very 
gamelike,  rather  like  the  vision  of  the  ma¬ 
trix  in  William  Gibson’s  prophetic  Neuro- 
mancer.  Users,  individually  or  in  collab¬ 
orations,  will  hover  over  data  landscapes, 
zip  down  or  up  through  levels  of  resolu¬ 
tion,  and  transform  them  with  a  gesture. 
(Visual  Insights  has  such  faith  in  that 
vision  that  it  built  its  products  on  the 
Microsoft  Game  API;  in  theory,  the  prod¬ 
ucts  could  run  on  the  Xbox.) 

With  some  extrapolation,  one  could 
imagine  that  competitors  will  appear  as 
the  zombie  reptiles  from  Xork,  to  be  dis¬ 
patched  by  lethally  innovative  product 
designs.  Maintenance  efficiencies  will  add 
or  subtract  vitality  points.  Players  can 
spend  procurement  savings  on  magic 
armor  or  gas  arrows.  Promotion  ladders 
will  weave  in  and  out  of  virtual  environ¬ 
ments — today  a  vice  president,  tomorrow, 
a  wizard  of  the  first  rank. 

This  may  sound  like  a  trick  to  keep 
employees  working  80  hours  a  week,  but 
before  we  get  upset  let’s  first  see  if  any¬ 
body  complains.  E0 


Fred  Hapgood  is  a  freelance  writer  based  in  Bos¬ 
ton.  He  can  be  reached  at  hapgood@pobox.com. 


118  CIO  MARCH  15,  2002  •  www.cio.com 


■i— i—i ■■  ■  — —  m  a—  P.23  DHip^anpnnr.iu  oaf  nh^hiimm*  r-*« 

BialT  World 

SB™*  Bio-fT  Skills  Highly  Valued 


-  ' '  '  *'  V  J‘  ' 


Jt  I 


'  -.vf 

MM 


Molecular  mining.  High-performance  computing. 
Data  storage  and  integration.  How  will  you  ever 
stay  up  on  the  latest  bio-IT  solutions?  With  the  only 
magazine  to  focus  on  the  unique  information  needs 
of  bio-IT  professionals  from  cover  to  cover. 

Don't  miss  an  issue.  For  your  free  subscription, 
visit  www.Bio-ITWorld.com/subscribe. 


Information  technology  for  the  life  sciences. 


*IDG 

INTERNATIONAL  DATA  CROUP 


Ask  the  Expert 

Advice  from  people  who  know 


Gearing  Up  for 
Globalization 

Katarina  Bonde,  CEO  of  technology  provider  Glides, 
addressed  readers’  questions  on  CIO.com  about  the 
challenges  of  globalizing  and  localizing  Web  content 


Q:  About  a  year  ago  I  was  promoted  to  corporate  webmaster. 
My  predecessor  and  I  developed  a  plan  whereby  all  offices  would 
use  one  Web  development  tool,  and  templates  would  be  dis¬ 
tributed  along  with  guidelines  for  development  and  presenta¬ 
tion.  Despite  the  fact  that  international  offices  would  still  be 
able  to  manage  their  own  content,  the  policy  has  never  passed 
owing  to  internal  politics.  Lacking  an  executive  mandate  for 
centralization,  most  international  Webs  are  now  on  ISPs,  devel¬ 
oped  and  maintained  via  a  myriad  of  products  and  technolo¬ 
gies.  My  team  must  now  develop  and  maintain  separate  toolkits 
(templates,  guidelines  and  so  forth)  for  both  centrally  served 
Webs  and  those  on  the  remote  servers.  Can  you  provide  any 
insight  on  how  best  to  steer  this  into  a  more  manageable 
situation? 

A:  Many  companies  struggle  with  similar  problems.  On  the 
one  hand,  they  want  to  maintain  content  along  with  brand  con¬ 
sistency,  accuracy  in  multiple  languages  and  a  turnaround  time 
of  Internet  speed.  On  the  other  hand,  they  have  to  deal  with 
time  differences  when  communicating  between  offices,  poor 
Internet  connections  in  many  countries  and  few  resources  that 

120  CIO  MARCH  15,  2002  •  www.cio.com 


£5 

£ 

eOj 

V 

Jit 

m 

slow  down  the  workflow  processes  to  a  trickle.  Most  regional 
offices  have  special  promotions  and  seminars  that  are  time- 
sensitive  and  specific  to  their  regions.  They  want  to  offer  only 
relative  information  that  caters  to  their  specific  regional  audi¬ 
ence.  They  also  need  to  be  concerned  with  the  speed  of  con¬ 
nection  between  the  international  offices  and  their  websites. 
Subsidiaries  become  frustrated  with  long  turnaround  times, 
inability  to  tailor  content  for  regional  audiences  and  slow  con¬ 
nection  to  nonregional  websites.  The  corporate  office  knows  the 
problems  exist,  but  it  can’t  find  a  solution.  When  the  office 
weighs  the  benefits  of  controlling  brand  consistency  and  accu¬ 
racy  against  time  to  market,  the  decision  often  made  is  to  let 
the  subsidiaries  go  off  on  their  own.  It  all  boils  down  to  the 
corporate  office  golden  rule:  Don’t  impede  sales. 

So,  how  do  you  get  to  a  more  manageable  situation?  Show 
them  an  affordable,  centralized  content  management  solution 


ILLUSTRATION  BY  ROBERT  NEUBECKER 


PRESENTS 


NETWHRLD 

+INTEROP 


i/> 

< 

KD 

LU 

> 


conference:  May  5“10,  2002 
EXHIBITION:  May  7-9,  2002 

LAS  VEGAS  CONVENTION  CENTER 


Give  us  one  week.  We'll  give  you  the  future 

Join  us  at  i  he  world's  largest  networking  event. 


Meet  representatives  from  top  companies,  including: 

•  Adtran  •  Alcatel  •  American  Power  Conversion  •  AT&T  •  Avaya  •  BMC  Software  •  Broadcom  Corporation  •  Cable  &  Wireless 

•  Check  Point  Software  Technologies  Inc.  •  Cisco  Systems,  Inc.  •  Computer  Associates  •  EMC  Corporation  •  Enterasys  Networks 

•  Extreme  Networks  •  F5  Networks  •  FalconStor  •  Fluke  Networks  •  Foundry  Networks,  Inc.  •  Hewlett-Packard  •  IBM  Microelectronics 

•  Infineon  Technologies  •  Intel  •  Internet  Security  Systems  •  Maxtor  Corporation  •  Mercury  Interactive  Corporation 

•  Microsoft  Corporation,  Inc,  •  National  Semiconductor  Corporation  •  NEC  •  NetScreen  Technologies 

•  Network  Appliance  Inc.  •  Network  Associates  •  Nortel  •  Novell  •  Polycom  Inc.  •  OPNET  Technologies,  Inc.  __ — — 

•  QuantumlATL  •  Qwest  •  RAD  Data  Communications  •  RADWARE  Inc.  •  RADLAN  Inc.  •  Red  Hat,  Inc.  \  \  A 

•  Sitara  Networks  •  Sprint  •  StorageTek  *  Symbol  Technologies,  Inc.  •  Trend  Microsystems  \  \  >  -  j 

•  Veritas  Software  •  Visual  Networks  •  and  more  \  \  -A - -  :  / 


Hear  from 

keynotes, 

including: 


Learn  from  leading  industry  thinkers,  including 

SPEAKERS  INSTRUCTORS 

•  Gary  Tomlinson,  CTO,  •  Dr.  Douglas  E.  Comer, 

CacheFlow  Professor  of  Computer 

Science,  Purdue  University 

Dr.  David  Clark,  Senior 
Research  Scientist,  MIT  _ _ 

Francois  Fluckiger, 

Deputy  Leader,  CERN  — . 

Dr.  Stephen  Kent, 

Chief  Scientist, 

Information  Security,  Jfflj 
BBN  Technologies 

Dr.  Radia  Perlman, 

Distinguished  Engineer, 

Sun  Microsystems,  Inc. 


John  Chambers 

President  and  CEO 
Cisco  Systems,  Inc. 


■r-T^oooo  1 1  o  ,n 
^\SQ,^oW000,,0'o,nV0^ 

olOOOOtloio.v'O/, 


•  Gene  Kim,  Chief  Technology 
Officer,  Tripwire,  Inc. 

•  Stuart  McClure,  President 
and  CTO,  Foundstone,  Inc. 

•  Greg  Howard,  Founder  and 
Principal  Analyst,  The  HTRC 
Group 

•  Robert  Berger,  Founder, 
Chairman  and  CTO, 
UltraDevices,  Inc. 

•  Cody  Menard,  CTO, 

Covasoft 

•  B.V.  Jagadeesh,  President 
and  CEO,  Netscaler,  Inc. 


Serge  Tchuruk 

Chairman  and  CEO 

Alcatel 


Maynard  Webb 

President 

eBay  Technologies 


A  critical  event  for  IT  networking  professionals,  service  providers,  integrators 
and  anyone  who  uses  technology  to  create  business  solutions. 

Register  today  at  www.interop.com/lasvegas 


or  call  888-886-4057;  international,  781-433-1516. 

Interested  in  exhibiting  at  NetWorld+Interop?  Please  call  our  Sales  department  at  800-776-6676  ext.  7927;  or  international,  650-372-7927. 


Coupon  Code:  334 


FFICIAL  CORPORATE 
SPONSORS  OF 
KEY3MEDIA  GROUP 


Mercedes-Benz 


I 


Official  Card  of  NetWorld+Interop 


Official  Automotive  Sponsor 


NYSE 

New  York  Stock  Exchange® 


Digital  Island. 

d  Cable  &  Wireless  company 


The  Official  Web 
Services  Provider 
for  Key3Media 


Use  Priority  Code 
CCMG2 

when  registering. 


|  tpyright  ©  2002  Key3Media  Events,  Inc.,  303  Vintage  Park  Drive,  Foster  City,  CA  94404-1 1 35.  All  Rights  Reserved.  NetWorld+Interop  2002  Las  Vegas  is  a  Key3Media  event.  Key3Media, 
Iterop,  NetWorld+Interop,  and  associated  design  marks  and  logos  are  trademarks  owned  or  used  under  license  by  Key3Media  Events,  Inc.  and  may  be  registered  in  the  United  States  and 
mer  countries.  NetWorld  is  a  service  mark  of  Novell,  Inc.  and  may  be  registered  in  certain  jurisdictions.  Other  names  mentioned  may  be  trademarks  of  their  respective  owners. 


INTEROP 


Ask  the  Expert 


that  gives  them  significant  improvement  on  turnaround  time 
by  streamlining  the  workflow  processes.  The  important  part 
is  for  the  platform  to  allow  remote  users  to  edit,  review  and 
publish  content  that  they  are  responsible  for.  The  solution 
should  also  give  them  the  ability  to  maintain  content  along 
with  brand  consistency  and  accuracy  in  multiple  languages,  but 
the  flexibility  to  address  regional  issues  by  tailoring  the  con¬ 
tent  for  regional  audiences  and  publishing  to  regionally  located 
Web  servers. 

Companies  need  to  remember  that  the 
Web  is  inherently  global. 

Q:  What  are  the  key  technologies  that  prepare  a  website  for  the 
global  environment? 

A:  Companies  need  to  remember  that  the  Web  is  inherently 
global;  when  a  company  launches  a  website,  it  is  accessible  by 
a  worldwide  audience.  While  there  are  no  technologies  that  pre¬ 
pare  companies  for  the  global  environment,  there  are  things 
they  need  to  consider  and  architecture  constraints  they  need  to 
keep  in  mind.  For  example,  high-speed  connec¬ 
tivity  is  not  as  prevalent  internationally,  so  don’t 
design  your  site  with  the  T1  audience  in  mind. 

Or  at  least  offer  a  version  of  the  site  that  mini¬ 
mizes  bandwidth-intensive  components. 

From  a  network  design  standpoint,  consider 
mirroring  your  servers  in  key  geographic  locations 
to  provide  an  increased  response  time  to  your 
international  visitors.  This  mirroring  can  easily 
be  accomplished  through  conversations  with  your  ISP.  Finally, 
companies  need  to  consider  languages  when  addressing  a  global 
audience.  Studies  show  that  people  are  significantly  more 
responsive  when  addressed  in  their  native  tongue.  Consider 
which  languages  make  the  most  sense  for  your  company  and 
add  them  only  when  you  are  able  to  effectively  handle  com¬ 
munication  from  that 
region.  However,  some¬ 
times  a  really  good  way 
to  test  and  cost-effectively 
get  feedback  from  a 
potential  target  market  is 
to  create  a  version  of 
your  site  for  that  market, 
in  that  language,  and 
drive  traffic  to  the  site 
through  remote  cam¬ 
paigns.  A  key  component 
of  a  multilingual  website 


is  translation  and  content  synchronization.  Be  sure  to  thor¬ 
oughly  evaluate  content  management  tools  with  a  special 
emphasis  on  multilingual  content. 

Q:  Must  all  websites  in  a  company  look  the  same?  We  have  three 
separate  sites,  and  all  perform  different  functions  but  are  related 
to  the  same  general  subject  matter.  The  sites  share  a  common  but 
very  wide-ranging  audience:  management,  nonmanagement, 
technical  users,  nontechnical  users  and  so  forth.  The  three  sites 
were  created  at  different  times  and  have  differing  volumes  of 
users.  My  supervisor  feels  that  we  should  standardize  these  sites. 
Other  than  pleasing  my  supervisor,  what  are  the  benefits  of  stan¬ 
dardizing  departmental  websites?  Should  they  look  exactly  the 
same?  How  much  does  it  really  benefit  us  to  undertake  this  effort? 
A:  Whether  to  standardize  the  look  and  feel  of  multiple  websites 
depends  on  your  company’s  branding  strategy  and  the  pur¬ 
pose  of  the  different  sites.  There  are  a  number  of  benefits  to 
standardizing  websites.  For  example,  companies  can  manage 
content  and  development  tools  easier  and  faster  with  fewer 
staffers  and  standardized  content  management  tools.  Standard¬ 
izing  also  allows  you  to  repurpose  that  content  so  you  have  to 
enter  the  content  only  once  and  can  use  it  for  multiple  purposes. 


The  other  consideration  is  branding.  If  your  company  has  a 
strong  brand  identity  or  is  attempting  to  build  a  strong  brand 
identity,  standardizing  the  look  and  feel  of  multiple  sites  will 
help.  A  website’s  appearance  is  part  of  that  brand  identity:  The 
more  that  “look  and  feel”  is  seen,  the  more  that  identity  is  rein¬ 
forced.  In  most  cases,  it  is  better  to  standardize  to  help  build 
the  company’s  brand  identity  and  take  advantage  of  easier,  faster 
content  management  tools.  The  company  wins  all  around. 

However,  sometimes  that  can  be  a  disadvantage.  For 
example,  if  your  company  has  a  strong  brand  identity  that 
people  associate  with  high-end  quality  products  and  the 
company  is  about  to  introduce  a  low-end  product  line,  both 
products  might  suffer  by  association.  Instead,  the  company 
may  choose  to  create  a  new  brand  identity  for  the  low-end 
product  line.  HEJ 


To  suggest  topics  for  this  column,  contact  Senior  Editor  Daintry  Duffy  at 
dduffy@cio.com.  Katarina  Bonde  is  president  and  CEO  of  Bellevue,  Wash.- 
based  Glides,  a  Web  globalization  technology  provider. 


Studies  show  that  people  are 
significantly  more  responsive  when 
addressed  in  their  native  tongue. 


cio.com _ 

Ask  the  Expert 

Have  a  question  about  IT  certification? 
MICHAEL  CLIFTON,  chief  operating 
officer  of  Boston-based  Nobilis 
Software,  will  be  available  through 
March  31.  Post  your  questions  at 
www2.cio. com/CIO/expert,  or  e-mail 
them  to  asktheexpert@cio.com. 


12  2  CIO  MARCH  15.  2002 


www.cio.com 


The  events  of  2001  have  proven 

that  America’s  business  and  IT 
organizations  are  both  adaptive  and 
strong  —  but  where  do  we  go  from  here? 


APRIL  14-16,  2002  ■  SHERATON  BAL  HARBOUR  BEACH  RESORT  ■  BAL  HARBOUR,  FLORIDA 


Get  powerful  insights  and 
actionable  ideas  from  the 
people  you  trust  the  most: 
your  CIO  peers  at  leading 
companies,  plus  thought 
leaders  on  the  economy, 
the  law,  technology  and 
business. 

Jonathan  Zittrain,  noted 
speaker  and  Executive 
Director  of  the  Berkman 
Center  for  Internet  & 
Society  at  the  Harvard 
Law  School,  joins  us  as 
Perspectives  moderator. 


Strategies  for 

fheNew  Reality 


WE’LL  TACKLE: 


■  THE  ECONOMY  How  long  and  rocky  is  the  road  ahead? 

Robert  Shiller,  Economist  and  author  of  Irrational  Exuberance 

m  IT  AND  BUSINESS  STRATEGIES  Re-align  —  on  a  continuous 
basis  —  as  the  world  keeps  changing.  A  panel  of  global  CIOs,  led  by 
Richard  W.  Swanborg,  President  and  Founder,  ICEX 

■  LEADERSHIP  AND  COMMUNICATIONS  Get  the  results  you  want 

—  from  senior  management,  peers,  and  employees. 

Dr.  Rick  Brinkman,  author,  Dealing  with  People  You  Can’t  Stand 

■  IT  BUDGETS  Learn  the  tools  and  techniques  successful  IT 
executives  use  to  set,  sell  and  manage  budgets.  A  panel  of  CIOs,  led  by 
Martha  Heller,  Director,  CIO's  Best  Practice  Exchange 

■  LEGAL  LIABILITY  Know  where  you  and  your  company  are  vulnerable 

—  and  what  you  can  do  about  it. 

Bruce  P.  Keller,  Partner,  Debevoise  &  Plimpton 


PLUS  A  special  keynote  address  byjames  A.  Champy 
on  his  radical  rethinking  of  the  corporation  and  his 
provocative  concept  of  X-Engineering. 

AND  an  interview  on  the  role  of  the  CIO  in  a  changing 
environment  with  Kevin  Turner,  CIO,  Wal-Mart  Stores. 


Strategies  for  the 

New  Reality 


APRIL  14-16,  2002  ■  SHERATON  BAL  HARBOUR  BEACH  RESORT  ■  BAL  HARBOUR,  FLORIDA 


CIO  Perspectives.  Powerful  insights.  ActionabL 


SUNDAY,  APRIL  14 

8:00  am  -  1:30  pm 

Golf  Tournament 

3:00  pm  -  5:00  pm 

Registration 

6:00  pm  -  8:00  pm 

Welcome  Reception 

Meet  your  peers,  CIO  editors, 
Corporate  Hosts  and  speakers. 

8:00  pm  -  10:00  pm 

A  Night  @  the  Improv 

Hosted  by  Information  Builders, Inc. 

MONDAY,  APRIL  15 

7:30  am  -  8:30  am 

Breakfast  &  Registration 

8:30  am  -  8:45  am 

Welcome  &  KnowPulse  Poll 

ABBIE  LUNDBERG 

Editor  in  Chief,  CIO  Magazine 

8:45  am  -  9:30  am 
Opening  Keynote: 

Is  There  Such  a 
Thing  as  Too 
Much  Security? 

JONATHAN 
ZITTRAIN,  Conference  Moderator 
Executive  Director,  The  Berkman 
Center  for  Internet  &  Society, 
Harvard  Law  School 
The  push  toward  a  more  secure 
Internet  has  been  revitalized  by 
recent  events.  Just  what  forms  will 
that  security  take?  Implications 
reach  far  beyond  combating  virus¬ 
es  and  denial  of  service  attacks. 
Almost  every  way  we  use  the 
Internet,  especially  for  commerce, 
stands  to  evolve,  as  "security”  and 
“trust"  become  the  touchstones  of 
Internet  development. 


9:30  am  -  10:15  am 

CIO  &  CFO: 

Working  Together 
for  Better  Results 

NEIL  HASTIE 
CIO,  TruServ  Corporation 
CORLISS  (CORKY)  J. 

NELSON 

Senior  Executive  Vice 
President  &  CFO, 

Ryder  System,  Inc. 

The  CIO  and  the  CFO  are  the  two 
executives  whose  domains  stretch 
to  every  corner  of  a  company  —  as 
IT  is  woven  through  every  aspect 
of  the  organization,  and  bottom- 
line  concerns  exert  greater  influ¬ 
ence  on  all  initiatives.  Regardless 
of  where  they  sit  on  the  organiza¬ 
tion  chart,  the  two  will  always  have 
a  unique  relationship  —  one  inevit¬ 
ably  colored  with  tension.  A  CIO 
and  CFO  look  at  the  nature  of  the 
roles,  and  discuss  how  to  strike 
the  right  balance  between  an 
appropriate  amount  of  tension  and 
respect  —  and  why  doing  so  will 
produce  better  corporate  results. 

10:15  am  -  11:00  am 
Keeping  Up  with 
Emerging 
Technologies  in 
Turbulent  Times 
CHARLES  S.  BRENNER 
Senior  Vice  President,  Fidelity 
Center  for  Applied  Technology 
The  hardest  part  of  a  CIO's  job  is 
trying  to  keep  up  with  emerging 
technologies.  Companies  must 
decide  whether  or  not  to  invest  in 
new  technology  development. 

Fidelity  Investments  is  one 
company  that  has  continued  to 
invest  heavily  in  innovation. 

Brenner  explains  why  his  com¬ 


pany  believes  that  an  economic 
downturn  is  the  ideal  time  to  make 
investments  in  new  technology: 
because  by  the  time  the  markets 
rebound,  it  may  be  too  late  to 
develop  the  new  technologies  and 
services  your  customers  demand 
before  your  competitors  do.  He 
also  talks  about  some  of  the  actual 
technology  directions  Fidelity  is 
currently  pursuing. 

11:00  am  -  11:30  am 

Break 

11:30  am  -  12:15  pm 
Business  Briefings 

Our  Corporate  Hosts  present  case 
studies,  technology  updates,  and 
management  practices. 

12:15  pm  -  1:45  pm 
Working  Lunch: 

The  Economy  — 

A  Special  Report 

ROBERT  J.  SHILLER 
Professor  of  Economics, 

Yale  University 
In  his  best-selling  book,  Irrational 
Exuberance,  Shiller  documented 
the  combination  of  factors  that 
drove  stock  markets  to  dizzying 
heights,  and  forecasted  the  dan¬ 
gers  associated  with  that  phenom¬ 
enon.  The  dot.com  bubble  burst, 
the  economy  quickly  slowed— and 
the  events  of  September  11th  con¬ 
tinue  to  take  a  heavy  toll  psycho¬ 
logically  and  economically.  Where 
do  we  go  from  here? 

2:00  pm  -  3:30  pm 

Business  Briefings 


3:45  pm  -  4:45  pm 

CIO  Panel: 
Rethinking  IT  and 
Business  Strategies 

Moderator:  RICHARD 


W.  SWANBORG,  JR. 

President  and  Founder, 

ICEX 
Panelists: 

JOHN  GLASER 
Vice  President  and  CIO, 

Partners  Healthcare 
System,  Inc. 

ED  GLOTZBACH 
Executive  Vice 
President  and  CIO,  SBC 
Communications  Inc. 

How  do  you  keep  your  IT  strategy  rel¬ 
evant  and  visible  while  your  business 
undergoes  significant  change?  How 
do  you  improve  the  speed  for  setting 
an  IT  strategy  and  getting  buy-in 
from  all  your  stakeholders?  Is  there  a 
better  way  to  fund  and  quickly  de¬ 
ploy  a  new  strategic  initiative  while 
minimizing  the  risk  of  failure?  Top 
CIOs  share  their  views  and  experi¬ 
ences. 


4:45  pm  -  5:45  pm 
Legal  Liability: 

When  You  and 
Your  Company 
Can  Be  Sued 
BRUCE  P.  KELLER 
Partner,  Debevoise  &  Plimpton 
To  what  extent  are  you  and  your 
company  exposed  based  on  how 
employees  or  third  parties  interact 
with  your  IT  systems?  Do  you 
know  what  your  systems  are  really 
hosting?  A  number  of  corporations 
recently  discovered  that  their  sys¬ 
tems  functioned  as  "super  nodes” 
for  the  FastTrack  file-swapping  net¬ 
work.  Keller  examines  how  current 


- 


To  enroll  or  for  more  information,  call  800  366-0246,  fax  the  form 
to  508  879-7720,  or  visit  our  website  at  www.cio.com/conferences 


“Great  opportunity  to  spark 

“Sharing  knowledge  is 

“In  two  days  1  learned  of 

new  ideas  beneficial  to 

critical  to  survival.  CIO 

several  useful  innovations; 

our  IT  organization  and 

Perspectives  gives  us  the 

we’ll  implement  the  first 

business.” 

opportunity  to  share  with 

one  tomorrow.” 

-A.0.  SMITH  CORPORATION 

and  learn  from  the  best.” 

-WATSON  WYATT  WORLDWIDE 

-AUTOBYTEL,  INC. 

ieas.  Great  networking.  The  best  ROI  for  you. 


concepts  of  organizational  liability, 
privacy  and  intellectual  property 
use  in  the  marketplace  affect  cor¬ 
porations. 

6:00  pm  -  7:00  pm 

Reception 

The  best  place  to  get  connected, 
exchange  more  good  ideas. 

TUESDAY,  APRIL  16 

7:30  am  -  8:30  am 

Breakfast  &  Informal 
Discussion  Roundtables 

Chat  with  CIO  Magazine  editors 
and  your  peers  over  coffee. 

8:30  am  -  8:45  am 
Corporate  IT 
Spending  Trends  — 

Where  Are  They 
Headed? 

GARY  BEACH 
Group  Publisher,  CXO  Media  Inc. 
CIO  Magazine,  in  partnership  with 
Ed  Yardeni,  chief  investment 
strategist  of  Deutsche  Banc 
Alex. Brown,  surveys  a  panel  of 
senior  executives  on  current  and 
future  IT  spending.  Beach  presents 
an  overview  of  the  latest  results 
and  emerging  trends. 

8:45  am  -  9:45  am 

New  Tools,  New 
Approaches  to  E- 
Crime:  A  US  Secret 
Service  Briefing 

BOB  WEAVER 
Assistant  Special  Agent  in  Charge, 
US  Secret  Service, 

NY  Electronic  Crimes  Task  Force 
The  Task  Force’s  approach  is 
unique  in  law  enforcement 
because  of  its  focus  on  prevention, 
education  and  partnership  with 


private  industry,  as  much  as  its 
responsibilities  for  investigation 
and  support  of  prosecution. 

Weaver,  and  Peter  Cavicchia  — 
one  of  the  members  of  his  New 
York  team  who  is  specially  trained 
by  the  USSS  to  handle  electronic 
crimes  —  provide  specific  prac¬ 
tices  and  techniques  used  by  the 
NY  Electronic  Crimes  Task  Force  to 
combat  electronic  crimes,  includ¬ 
ing  forensics  techniques,  technolo¬ 
gy  tools,  and  approaches  the  Task 
Force  takes  that  are  mutually  pro¬ 
ductive  for  business  as  well  as  law 
enforcement. 

This  session  is  produced  in  coop¬ 
eration  with  the  National  Critical 
Infrastructure  Assurance  Office 
(CIAO)  in  the  US  Department  of 
Commerce. 

9:45  am  -  10:45  am 

Best  Practice 
Exchange:  Setting, 

Selling  and 
Managing  the  C” 

IT  Budget 

Moderator:  MARTHA  HELLER 

Director,  Best  Practice  Exchange, 

CIO  Magazine 

BRIAN  BERTLIN 

CIO,  Washington  Group 

International 

WILLIAM  A.  CROWELL 

Former  CIO,  Meredith  Corporation 

JOHN  NORDIN 

Vice  President  &  CIO 

A.  M.  Castle  &  Co. 

TIMOTHY  WRIGHT 

CIO,  CTO  &  Senior  Vice  President, 

Global  Technology 

Terra  Lycos 

CIOs  who  want  to  see  their  pro¬ 
jects  completed  and  their  staff 


intact  understand  the  importance 
of  smart  budget  practices.  This 
panel  of  CIOs,  drawn  from  the  CIO 
Best  Practice  Exchange,  a  private 
online  network  of  senior  IT  execu¬ 
tives,  discusses  the  tools  and  tech¬ 
niques  CIOs  can  use  to  set,  sell, 
and  manage  their  IT  budgets. 

10:45  am  -  11:15  am 

Break 

11:15  am  -  12:45  pm 

Business  Briefings 

1:00  pm  -  2:30  pm 

Networking  Lunch 

2:45  pm  -  3:30  pm 

The  Role  of  the 
CIO  in  a  Changing 
Environment 

A  Special  Interview  with: 

KEVIN  TURNER 
Executive  Vice  President  &  CIO, 
Wal-Mart  Stores,  Inc. 

Turner  shares  his  personal  experi¬ 
ences  and  reflects  on  the  role  of 
today’s  CIOs  in  this  interview  with 
Editor  in  Chief  Abbie  Lundberg 


3:30  pm  -  4:30  pm 
Leadership  and 
Communications 

DR.  RICK  BRINKMAN 
Author,  Dealing  With 
People  You  Can’t  Stand... 

As  CIOs  gain  more  prominence 
within  their  organizations,  they 
have  more  opportunities  to  inter¬ 
act  with  other  senior  executives, 
corporate  officers  and  directors. 
Dr.  Rick  helps  us  understand  the 
cause/effect  of  communications 
and  get  the  results  we  want. 


4:30  pm  -  5:30  pm 
Closing  Keynote 
X-Engineering: 

The  Next  Frontier 

JAMES  A.  CHAMPY 
Author,  X-Engineering 
the  Corporation,  Reinventing  Your 
Business  for  the  Digital  Age 
James  A.  Champy's  radical  rethink¬ 
ing  of  the  corporation  shows  it 
not  simply  as  a  single  collection  of 
processes  turning  out  goods  and 
services,  but  rather  as  part  of  a  web 
of  interacting  processes  that  include 
those  of  every  organization  involved 
in  producing  what  the  company  sells 
His  new  book,  X-Engineering  the 
Corporation,  comes  at  a  time  when 
managers  must  look  beyond  reengi¬ 
neering  and  cross  ("x")  boundaries 
they've  never  crossed  before.  The 
way  to  thrive  defies  all  previous  mod¬ 
els;  it’s  the  next  frontier  for  dramatic 
business  performance  improvement. 

5:30  pm  -  5:45  pm 

Summary/Conclusions 

JONATHAN  ZITTRAIN 

5:45  pm  -  7:00  pm 

Keynote  Reception 

7:30  pm  -  9:00  pm 

CIO  Dinner  Under  the  Stars 


Provocative  discussions.  Case  studies.  Best  prac 


CORPORATE  HOSTS 

CiTRIX 


Citrix  Systems,  Inc.  (Nasdaq:CTXS)  is  a 
global  leader  in  application  serving  and 
portal  software  and  services  that  provide 
personalized  access  to  any  application  or 
information  source  —  whether  Windows, 
UNIX  or  Web-based  —  through  any  device, 
over  any  connection.  Companies  worldwide 
use  Citrix  technologies  to  integrate  appli¬ 
cations,  content  and  business  processes 
into  a  pervasive  digital  environment  —  a 
virtual  workplace  —  offering  seamless  con¬ 
nectivity  and  a  consistent  user  experience 
across  the  Internet,  intranets,  extranets, 
WANs,  LANs  and  wireless  networks.  Citrix 
solutions  drive  cost  efficiency,  productivity 
and  enhanced  e-business  opportunities  by 
leveraging  existing  IT  resources  and  extend¬ 
ing  personalized  information  access  to  em¬ 
ployees,  partners,  customers  and  suppliers. 


EDS,  the  leading  global  services  company, 
provides  strategy,  implementation  and 
hosting  for  clients  managing  the  business 
and  technology  complexities  of  the  digital 
economy.  EDS  brings  together  the  world's 
best  technologies  to  address  critical  client 
business  imperatives.  It  helps  clients  elimi¬ 
nate  boundaries,  collaborate  in  new  ways, 
establish  their  customers'  trust  and  contin¬ 
uously  seek  improvement.  EDS,  with  its 
management  consulting  subsidiary,  A.T. 
Kearney, serves  the  world's  leading  compa¬ 
nies  and  governments  in  58  countries.  EDS 
reported  revenues  of  $21.5  billion  in  2001. 
Learn  more  at  www.eds.com. 


Information 

Builders 

Information  Builders  helps  the  world's 
leading  organizations  derive  maximum 
value  from  their  IT  investments  by  turning 
data  assets  into  meaningful  information  for 
real-time  delivery  to  all  who  impact  their 
business:  employees,  managers,  customers, 
partners,  and  suppliers.  Information 
Builders  WebFOCUS  business  intelligence 
software  solutions  make  information  easy 
to  access  and  use,  with  built-in  access  to  any 
data  and  the  ability  to  handle  all  enterprise 
reporting  requirements,  including  portals, 
OLAP,  ad  hoc,  and  information  broadcast¬ 
ing.  iWay  Software,  an  Information  Builders 
subsidiary,  accelerates  the  integration  of 
new  technologies  and  applications, 
dramatically  improving  the  success  rate  and 
reducing  the  cost  of  business  integration. 


Sheraton  Bal  Harbour  Beach  Resort 

Wide  open  spaces.  Beautiful  views.  And  you  haven’t  even  hit  the  beach  yet. 


Nestled  on  10  acres  of  tropical 
gardens  and  steps  away  from  a  mile 
of  sandy  beach,  the  Sheraton  Bal 
Harbour  Beach  Resort  provides  the 
perfect  setting  for  rest  and  relaxation 
The  resort  overlooks  prime  Atlantic 
shoreline  and  offers  all  the  elements 
of  a  memorable  beachfront  vacation. 

The  Lifestyle  &  Fitness  Club  offers 
many  ways  to  relax,  with  a  tempting 
mix  of  facilities  and  services  that 


includes  state-of-the  art  exercise 
equipment  and  full-service  spa. 

Enjoy  the  lagoon-style  pool  complex 
and  waterpark  or  sink  your  feet  into 
the  sands  of  Florida’s  gold  coast. 

The  resort  is  conveniently  located 
between  the  Miami  and  Fort  Laud¬ 
erdale  airports  and  is  within  easy 
access  to  the  area’s  many  attractions, 
including  Miami’s  world-renowned 
South  Beach. 


ps.  Successful  techniques.  CIO  Perspectives. 


'xecutivedrcle 


The  Forum  for  Sharing  Knowledge 


pacificedge 

SOFTWARE 


For  over  three  decades,  Intel  Corporation 
has  developed  technology  enabling  the 
computer  and  Internet  revolution  that  has 
changed  the  world.  Intel  is  at  the  forefront 
as  a  primary  building  block  supplier  for  the 
Internet  economy.  Today,  companies  incor¬ 
porate  Intel  architecture-based  solutions 
across  their  connected  business  and  IT  en¬ 
vironments  to  create  successful  e-Business 
infrastructures:  from  Internet  servers  to  da¬ 
ta  center  systems,  desktops  to  worksta¬ 
tions,  and  laptops  to  network  PCs  and  on¬ 
line  services.  For  more  information  on  Intel 
and  its  role  in  e-Business,  visit  us  on  the 
web  at  www.intel.com/eBusiness. 


j  Symantec 

Symantec,  a  world  leader  in  Internet 
security  technology,  provides  a  broad 
range  of  content  and  network  security 
solutions  to  individuals  and  enterprises. 
The  company  is  a  leading  provider  of 
virus  protection,  risk  management, 
Internet  content  and  e-mail  filtering, 
remote  management  and  mobile  code 
detection  technologies  to  customers. 
Headquartered  in  Cupertino,  CA, 
Symantec  has  worldwide  operations 
in  more  than  33  countries. 


Microsoft  is  the  worldwide  leader  in  soft¬ 
ware,  services  and  Internet  technologies 
for  personal  and  business  computing. 

The  company  offers  a  wide  range  of  prod¬ 
ucts  and  services  designed  to  empower 
people  through  great  software  —  any  time, 
any  place  and  on  any  device.  Building  on 
the  popularity  of  the  Windows  operating 
system  and  the  Office  productivity  suite, 
Microsoft  is  now  focused  on  developing 
technology  for  the  next-generation  Internet. 
The  company's  .NET  platform  will  enable 
businesses  to  collaborate  to  offer  an 
unprecedented  range  of  integrated  and 
customized  solutions  —  solutions  that 
enable  their  customers  to  act  on  informa¬ 
tion  wherever  and  whenever  they  need  it. 

For  more  information,  visit 
www.microsoft.com/enterprise. 

WHEELHOUSE™ 

40 

Wheelhouse  develops  customer  relationship 
management  (CRM)  integration  software 
that  makes  CRM  work  for  Fortune  1000 
companies.  The  company's  specialized 
software  and  services  align  and  integrate 
legacy,  analytic  and  operational  CRM 
systems,  resulting  in  reduced  front  office 
costs  and  enabling  revenue  growth. 
Wheelhouse  was  incorporated  in  September 
1999  and  is  financed  by  leading  venture 
capital  firms,  global  investment  banks  and 
strategic  corporate  investors. 


Pacific  Edge  Software  is  a  leading  provider 
of  Project  Portfolio  Management  (PPM) 
solutions  for  global  companies,  transform¬ 
ing  how  organizations  manage  and  optimize 
their  project  portfolios.  Pacific  Edge's 
business-critical  PPM  solution,  The  Edge™ 
allows  organizations  to  balance  and  align 
projects  with  business  goals  and  strategies, 
maximizing  value  and  minimizing  costs. 

The  Edge  includes  software  products, 
professional  services,  and  a  Project  Port¬ 
folio  Management  process.  Customers 
include  industry  leaders  such  as  Airborne 
Express,  Alcon,  Costco,  Dell,  and  Johnson 
&  Johnson. 


To  enroll  or  for  more  information,  call  800  366-0246,  fax  the  form  to  508  879-7720,  or  visit  our  website  at  www.cio.com/conferences 


Strategies  for  the  New  Reality 


APRIL  14-16,  2002 

SHERATON  BAL  HARBOUR  BEACH  RESORT 
BAL  HARBOUR,  FLORIDA 


□  I  won't  be  able  to  attend,  but  please  keep  me  updated  on  future 
CIO  events. 


NAME 


If  this  is  your  first  CIO  event, 
your  business  card  is  required 
to  process  your  registration. 


6ROBM2 


TITLE 


COMPANY 


ADDRESS  MAIL  STOP 


CITY,  STATE,  ZIP 


PHONE  FAX 


E-MAIL  COMPANY  WEBSITE  ADDRESS 


NAME  AS  YOU  WANT  IT  TO  APPEAR  ON  YOUR  BADGE 


NAME  OF  MY  COMPANION  IF  PARTICIPATING  IN  COMPANION  PROGRAM 

WHAT  IS... 


YOUR  PRIMARY  INDUSTRY? 


YOUR  ORGANIZATION’S  ANNUAL  REVENUES  OR  ASSETS? 


YOUR  ANNUAL  IT  BUDGET? 


HOTEL  ACCOMMODATIONS  We  urge  you  to  make  your  reservations 
early  by  calling  the  hotel  between  8  am-5  pm  at  305  865-7511  and 
identifying  yourself  as  part  of  the  CIO  conference  to  receive  the  confer¬ 
ence  rate.  CIO  will  make  hotel  reservations  for  government/military 
participants  only.  Be  sure  to  guarantee  your  room  with  a  credit  card, 
as  all  unreserved  or  unguaranteed  rooms  will  be  released  on  March  15, 
2002.  Hotel  reservations,  cancellations  and  charges  are  your  respons¬ 
ibility.  If  a  CIO  conference  Enrollment  Form  is  not  received  within  48 
hours  of  making  your  hotel  reservation,  your  room  will  be  released 
from  the  CIO  room  block. 

ENROLLMENT  FEES  All  enrollment  fees  must  be  paid  in  advance  of  the 
meeting.  Fee  includes  conference  sessions,  business  briefings,  Corporate 
Host  displays,  conference  materials  and  scheduled  meals,  receptions 
and  entertainment.  Transportation,  hotel  and  recreation  are  your  respon¬ 
sibility.  Please  note  that  submission  of  this  enrollment  form  to  CIO 
obligates  the  attendee/sender  for  the  enrollment  fee. 

CANCELLATION  All  cancellations  or  substitutions  must  be  made  in 
writing.  You  may  cancel  your  conference  or  companion  enrollment  up 
to  March  15,  2002  without  penalty.  A  $350  administration  fee  will  be 
imposed  for  cancellations  between  March  16-March  29,  2002.  No  refund 
or  credit  will  be  given  for  cancellations  after  March  29,  2002  or  for  no 
shows.  You  may  send  a  substitute  in  your  place.  CIO  reserves  the  right 
to  decline  enrollment  to  any  registrant. 


ENROLLMENT  FEES 


PAYMENT 


□  IS  Practitioner/Executive 

$1,450  if  registered  by  March  15,  2002;  $1,950  after  March  15 

This  fee  applies  if  you  are  a  CIO,  IS  executive  or  hold  another  executive  position  other 

than  those  listed  below. 

□  Government/Military 

$1,800  if  registered  by  March  15,  2002;  $2,300  after  March  15 

This  fee  includes  your  hotel  for  three  nights.  Do  not  make  your  hotel  reservations,  CIO  will 

make  them  for  you. 

□  Sales/Marketing/Consulting  $10,000 

This  fee  applies  if  you  hold  a  sales,  marketing,  business  development  or  consulting 
position,  including  executive  management  of  IT  vendor  and  consulting  companies.  This 
enrollment  fee  is  payable  by  company  check  only.  CIO  will  make  the  final  determination 
of  this  category. 

□  Companion  Program  $375 

Companions  must  be  enrolled  in  this  program  to  attend  any  conference-related  functions. 
Includes  all  scheduled  meals,  receptions  and  entertainment,  companion  breakfast,  and 
planned  companion  activities.  Conference  session  attendance  is  not  included. 


□  Check  enclosed.  Mail  to:  Executive  Programs 

CXO  Media  Inc.,  Box  D3620 
Boston,  MA  02241-3620 

□  P.O.  # _ 

(A  complete  purchase  order  must  be  submitted  within  10  business  days.) 

□  MC  □  Visa  □  AmEx 

ACCT.  #  EXP. 

SIGNATURE 

□  I  am  NOT  staying  at  the  Sheraton  Bal  Harbour  Beach  Resort. 


NAME  OF  ALTERNATE  HOTEL 


To  enroll  or  for  more  information,  call  800  366-0246,  fax  back  to  508  879-7720, 
or  visit  our  Website  at  www.cio.com/conferences 


Sales  and  Services 

CIO  SALES  OFFICES 

President  &  CEO  Joseph  L.  Levy  • 

508  935-4601 

Publisher  Gary  J.  Beach  •  508  935-4202 

Executive  VP  Sales/Custom  Publishing 

Ellen  Romanow  •  508  935-4796 

Sales  Operations  Associate  Kim  Harris 

East  Coast 

Senior  VP  Sales/East 

Michael  J.  Masters  •  973  244-4024 

Senior  Regional  Mgrs./ Advertising  Sales 

Eileen  P.  Lobaugh  •  973  244-4040 

Kathy  Powers  •  973  244-4041 

Regional  Sales  Manager 

Ellie  Schwab  •  973  244-4042 

Account  Executives 

Joan  Bonadeo  •  973  244-4043 

Sharon  Kurcin  •  973  244-4032 

Gale  Tedeschi  •  973  244-4031 

Office  Mgr.  Marlene  Levis  •  973  244-4033 

Sales  Asst.  Lin  Viggiano  •  973  244-4035 

Administrative  Assistant 

Sharon  Harrison  •  973  244-4037 

New  England 

Senior  Regional  Manager/Advertising  Sales 

Len  Ganz  •  508  935-4039 

Senior  Advertising  Sales  Associate 

Dawn  Cora  •  508  935-4092, 

Fax  508  879-6063 

Advertising  Sales  Associate 

Nancy  Vescere  •  508  988-7547 


Mid-Atlantic 

Senior  Regional  Manager/ Advertising  Sales 

Louise  Cupelli  •  215  627-8114 

Advertising  Sales  Associate 

Maureen  Welsh  •  215  627-8114 

South  Central 

Regional  Director/Advertising  Sales 

Robert  E.  Sawdon  •  512  306-9801, 

Fax  512  306-9805 

Account  Executive 

Kevin  T.  Rutan  •  512  306-9801, 

Fax  512  306-9805 
Advertising  Sales  Associate 
Brenda  Garza  •  512  306-9801, 

Fax  512  306-9805 

North  Central 

Senior  Regional  Manager/Advertising  Sales 

Keith  H.  Kenner  •  847  441-5005, 

Fax  847  441-5150 

Account  Executive 

Beth  Carlson  •  847  441-3140 

Advertising  Sales  Associate 

Kim  Giovanni  •  847  441-5005 

West  Coast 

VP  Sales/West  Cherl  McKeithan  • 

415  975-2685 

Senior  Regional  Manager/ Advertising  Sales 

James  Barrett  •  415  975-2680 
Regional  Manager/ Advertising  Sales 
Ai  Collins -415 975-2686 
District  Manager 

Kristin  Nystrom  •  415  975-2687 
Account  Executives 

Jeff  Odell  -415  975-2682 
Sarajane  Robinson-Retondo  • 

415  975-2693 

Senior  Advertising  Sales  Associate 

Derek  Jung -415  975-2683 


Advertising  Sales  Associates 

Chris  DaRosa  •  415  975-2688 
Anna  Limon  •  415  975-2694 

Southern  California 

Regional  Sales  Manager  Chris  Hempel  • 
949  475-5579,  Fax  949  475-5583 
Account  Executive  Chris  Bramel  • 

949  475-5579,  Fax  949  475-5583 

Sales  Associate  Isaac  Ugay  •  949  475-5579, 

Fax  949  475-5583 

NEW  BUSINESS  DEVELOPMENT 

VP,  Business  Development  &  Strategic 
Alliances  Cheryl  M.  Hardy  •  202  625-8342 
Coordinator,  Business  Development 

Kelly  Gabe*  202  625-8343 

LIST  SERVICES 

List  Services  Director 

Kathryn  A.W.  Marston  •  508  935-4072 

List  Services  Account  Executive 

Stephanie  Roy  •  508  935-4151 

List  Services  Coordinator 

Kim  Cormican  ■  508  935-4152 

List  Services  Billing  Assistant 

Rebecca  Monto  •  508  935-7835 

ONLINE  SERVICES 

VP/Online  Sales  Lisa  Brown  • 

508  935-4470 

Online  Sales  Mgr.  Michael  McPhee  • 

508  935-4611 

Online  Account  Exec.  James  Buckley  • 

508  988-6823 

CUSTOM  PUBLISHING 

Group  Director  Michael  Siggins 
Director  Mary  Gregory 
Project  Managers  Lisa  Chaffin  (Senior), 
Sally  Ellison 

Graphic  Designer  Chris  Brown 


Index  of  Companies 
and  Advertisers 

Page  numbers  refer  to  the  first 
page  of  the  article(s)  in  which  the 
company  is  mentioned.  This  index 
is  provided  as  a  service  to  readers. 
The  publisher  does  not  assume  any 
liability  for  errors  or  omissions. 


COMPANY  INDEX 

1st  City  Savings  Federal 

Credit  Union  . 108 

Aberdeen  Group  Inc . 56,  84 

Adaytum  Inc . 24 

Agilent  Technologies  . 84 

American  Home 

Products  Corp . 56 

American  International 

Group  Inc . 56, 130 

AT&T  Wireless  . 108 

Cahners  In-Stat  Group . 108 

Canadian  Imperial  Bank  of 

Commerce  . 84 

Cingular  Wireless  . 108 

Compaq  Computer  Corp.  .  .  36, 100 

Conexant  Systems  Inc . 100 

Counterpane  Internet 

Security  Inc . 66 

CSX  Corp . 46 

Encyclopedia  Britannica  Inc.  ...  24 
Environmental  Protection 

Agency  .  24 

ePresence . 84 

NCR  Corp . 84 

Financial  Services  Information 
Sharing  and  Analysis  Center .  .  74 

Fleet  Credit  Card  Services  . 74 

FleetBoston  Financial  Corp.  .  . .  130 


Ford  Motor  Co . 100 

Fujitsu . 100 

Gartner  Inc . 24 

GLT  &  Associates  Inc . 46 

Graphisoft  R&D  Software 

Development  Rt . 108 

Grey  Global  Group . 66 

Hewlett-Packard  Co . 84 

Honeywell 

International  Inc . 108 

Hurwitz  Group  Inc . 56 

lllumitek  . 108 

Institute  for  Applied 

Network  Security,  The . 74 

Intel  Corp . 36 

International  Data  Corp.  ...  24, 108 

Jacada  Ltd . 56 

Marriott  International . 46 

Merrill  Lynch  &  Co  Inc . 84 

Micro  Focus  International  Ltd.  .  .  56 

Microsoft  Corp . 108 

Mindlab  . 100 

Modern  Visualization  Inc . 108 

National  Aquarium  in 

Baltimore  Inc . 24 

National  Geographic  Society  ...  24 
Nextel  Communications  Inc.  .  .  .  108 

Nortel  Networks  Ltd . 46 

Oculus  Technologies  Corp . 100 

OppenheimerFunds 

Distributor  Inc . 66 

Owens  &  Minor  Inc . 56 

PacifiCare  Health  Systems  Inc. .  .  56 

Parker  Hannifin  Corp . 56 

Pdom.com  . 24 

Pendragon  Software  Corp . 24 

PeopleSoft  Inc . 36 

PMI  Group  Inc.,  The . 56 


PricewaterhouseCoopers  . 74 

Rackspace  Managed  Hosting  ...  74 

Red-M . 108 

Reebok  International  Ltd . 36 

Relativity  Technologies  Inc . 56 

Robert  Frances  Group  Inc . 84 

Robert  W.  Baird  &  Co.  Inc . 24 

Royal  Dutch/Shell  Group . 92 

SAP  AG  . 36 

Sapient  Corp . 46 

Seagull  . 56 

SEEC  Inc . 56 

Snap-On  Inc . 56 

Sprint  PCS  . 108 

State  Street  Global  Advisors  ....  74 
Sullivan  and  Cogliano 

Companies,  The  . 108 

Unisys  Corp . 100 

University  of  Washington 
Academic  Medical  Center  ....  74 

Verizon  Wireless . 108 

Visual  Insights  . 108 

Vmyths.com . 66 

VoiceStream  Wireless . 108 

Websense  Inc . 24 

ADVERTISER  INDEX 

Acxiom  Corp . 35 

AppGate  . 31 

Avaya  . 29 

BiolTWorld  . 119 

Brother  International  Corp . 77 

Cisco  Systems  Inc . 9 

Compaq  Computer  Corp.  . .  18, 107 
Computer  Associates 

Inti.  Inc . C4,  64 

Connected  Corp . 55 


Crystal  Decisions  . 25 

CXO  Media 

Inc . 95,  111,  113,  117, 123 

Dell  Computer  Corp . 8 

Digex  . 33 

Diversified  Software  Systems  Inc.  59 

Fujitsu . 39 

Georgia  CIO  of  the  Year . 115 

Hewlett-Packard  . 4,  73 

IBM  Corp .  37,  87,  89 

Intel  Corp . 69 

KPMG  Consulting . 51 

Kronos  Inc . C3 

Kyocera-Mita  America  . 105 

Lawson  Software  . C2 

Lockheed  Martin  . 63 

MASG . 83 

Michigan  Economic 

Development  Corp . 103 

Microsoft  Corp . 2 

MicroStrategy . 109 

Networld+lnterop . 121 

NTT  Communications . 17 

Oracle  Corp . 15 

Pacific  Edge  Software . 53 

Pegasystems  Inc . 47 

Primavera  Systems  Inc . 91 

Rockwell  FirstPoint  . 61 

RSA  Security  Inc . 81 

salesforce.com  . 7 

SAS  . 23 

Siemens  Corp . 21 

Sun  Microsystems  Inc . 11 

Sybase  Inc . 45 

Synygy  .  27 

Tallan  . 71 

Verizon  (regional) . 79 


www.cio.com 


REPRINT  SERVICES 

651 582-3834,  E-mail  kastickney@ 
reprintservices.com 

For  further  sales  information,  visit 
www.cio.com/marketing/salesoffices.html. 

CIO  IS  PUBLISHED  IN  THE 
UNITED  STATES  AS  WELL  AS  IN: 

Australia,  CIO  Australia  www.idg.com.au 
Canada,  CIO  Canada  www.lti.on.ca/cio 
China,  CEO  &  CIO  China 
www.ceocio.com.cn 
India,  CIO  India  91-80-521-0309/12 
Japan,  CIO  Japan  www.idg.co.jp 
Korea,  CIO  Korea  www.cio.seoul.kr 
New  Zealand,  CIO  New  Zealand 
www.idg.co.nz 

Singapore,  CIO  ACEN/Hong-Kong 
www.idg.com.sg 


CIO  Contact  Information 

Editorial,  Advertising  and  Business 
Offices:  492  Old  Connecticut  Path,  P.O. 
Box  9208,  Framingham,  MA  01701-9208, 
508  872-0080. 

CIO  (ISSN  0894-9301)  is  published 
semimonthly  and  as  a  combined  issue 
December  15/ January  1  by  CXO  Media 
Inc.,  492  Old  Connecticut  Path,  P.O.  Box 
9208,  Framingham,  MA  01701-9208. 
Periodicals  postage  paid  at  Framingham, 
MA,  and  at  additional  mailing  offices. 
Canada  Publications  Mail  Agreement 
Number  1902075.  CANADIAN  POSTMAS¬ 
TER:  Please  return  undeliverable  copy  to 
P.O.  Box  1632,  Windsor,  ON  N9A  7C9. 

Permissions:  Copyright  2002  by  CXO 
Media  Inc.  All  rights  reserved.  Repro¬ 
duction  of  material  appearing  in  CIO  is 
forbidden  without  written  permission. 
Send  all  requests  to  Permissions 
Department,  C/O,  492  Old  Connecticut 
Path,  P.O.  Box  9208,  Framingham,  MA 
01701-9208. 

Photocopy  Rights:  Permission  to  photo¬ 
copy  for  internal  or  personal  use  or  the 
internal  or  personal  use  of  specific 
clients  is  granted  by  CIO  for  users 
through  the  Copyright  Clearance  Center, 
provided  that  the  base  fee  of  $3  per  copy 
of  the  article,  plus  $.50  per  page  is  paid 
directly  to  Copyright  Clearance  Center, 

27  Congress  Street,  Salem,  MA  01970. 
Please  specify:  ISSN  0894-9301. 
Permission  to  photocopy  does  not  extend 
to  contributed  articles  followed  by  this 
symbol:  j:. 

Subscriptions:  Address  inquiries  to  CIO, 
492  Old  Connecticut  Path,  P.O.  Box 
9208,  Framingham,  MA  01701-9208; 

800  788-4605.  CIO  is  free  to  qualified 
information  executives.  To  all  others  the 
one-year  basic  rate  is  $94  for  the  United 
States  and  Canada,  $175  to  foreign 
countries  (payable  in  U.S.  funds  only). 
The  single  copy  price  is  $9.  Please  allow 
four  to  six  weeks  for  new  subscriptions  to 
begin. 

Change  of  Address:  Please  fax  a  copy  of 
current  subscription  label  along  with  new 
address  to  508  879-7899.  Allow  four  to 
six  weeks  for  change  to  take  effect. 

Postmaster:  Send  change  of  address  to 
CIO,  P.O.  Box  489,  Northbrook,  IL 
60065-9816.  Printed  in  the  U.S. A. 


•  MARCH  15,  2002  CIO  129 


EXECUTIVE 


March  15,  2002 


COVER  STORY  I  Legacy 
Systems  Migration 

By  Simone  Kaplan  I  56 

Despite  the  contracted  economy  and 
its  concomitant  budget  cutbacks, 
now  is  the  best  time  to  modernize  or 
migrate  legacy  systems  to  meet  the  demands 
imposed  by  the  Web.  The  expense  of  legacy 
system  maintenance  is  bilking  companies  for 
more  than  it  would  cost  to  migrate  to  thin- 
client  systems  or  connect  legacy  apps  to 
Web  front  ends.  American  International 
Group,  for  example,  determined  it  would 
save  30  percent  of  what  it  was  spending  on 
maintenance  if  it  moved  from  mainframe  to 
thin  client.  Part  of  the  positive  equation  is 
that  thanks  to  new  tools  and  techniques, 
migration  costs  have  come  down.  In  1996, 
for  example,  insurance  company  PMI 
Group  calculated  the  cost  of  legacy  system 
modernization  at  about  $20  million,  less 
than  the  estimated  cost  of  the  potential 
service-related  failures  that  could  result  if 
the  systems  remained  in  place.  In  a  1999 
estimate,  that  migration  bill  came  down  to 
just  $12  million.  Liking  those  numbers,  PMI 
joined  other  companies  in  seizing  this 
opportunity  to  throw  off  the  legacy 
albatross,  and  it  will  finish  its  overhaul 
by  fall  2002. 


“Legacy  applications  are 
a  cancerous  problem 
that  need  to  be  excised. 
It’s  not  a  choice.  If  your 
business  is  changing, 
your  systems  have 
to  change.” 

-DAVID  R.  GUZMAN,  CIO, 
OWENS  &  MINOR 


Cyberterrorism:  Not  So  Threatening  By  Scott  Berinato  I  66 

SINCE  SEPT.  11,  THREATS  ONCE  CONSIDERED  digital  aggravations  have  been  tagged 
cyberterrorist  provocations.  The  term  has  lost  its  meaning  in  the  mouth  of  fear  mongers.  Cyber¬ 
terrorism,  according  to  the  National  Infrastructure  Protection  Center,  is  an  act  perpetrated  through 
computers  that  results  in  violence,  death  and/or  destruction,  and  creates  terror  for  the  purpose  of 
coercing  a  government  to  change  its  policies.  To  qualify  as  cyberterrorism,  an  act  must  have  a 
political  motivation  and  a  destructive  result.  Most  cyberattacks  satisfy  only  the  first  criterion.  It’s  far 
less  likely  than  the  media  would  have  us  believe  that  cyberterrorists  could  cause  destruction.  More 
credible  is  the  danger  to  critical  data:  a  cyberterrorist  who  hacks  critical  computer  systems 
to  steal  or  irreversibly  damage  vital  data,  such  as  the  $ocial  Security  database.  The  good  news  for 
CIOs  is  that  protecting  against  any  security  threat  protects  against  cyberterrorism. 


Security  Response  Plan  By  Sarah  d.  Scaiet  I  74 

KNOWING  HOW  TO  RESPOND  TO  A  SECURITY  INCIDENT  can  save  companies  time, 
money  and  even  their  reputation.  But  incident  response  planning  is  one  of  those  best  practices  that 
rarely  gets  done  because  it’s  viewed  as  costly  and  it’s  an  admission  that  something  could  go  wrong. 
The  first  assumption  is  incorrect,  and  the  latter  is  deadly  accurate,  as  evidenced  by  FleetBoston  and 
other  organizations  forced  to  put  their  plans  into  action.  Unless  a  company  creates  a  dedicated  team 
for  security  (not  always  necessary),  a  response  plan  is  cheaper  than  most  CFOs  would  think.  The  first 
step  is  pulling  together  key  staff  to  form  an  incident  response  team.  There  must  be  a  centralized 
process  to  report,  respond  to  and  track  incidents.  A  key  element  of  the  plan  is  deciding  who’s  in 
charge  of  response  and  which  people  can  pull  the  plug  on  the  website  or  network. 


Workflow  Software  Problems  By  Preston  Gratia  I  84 

PROFESSIONAL  SERVICES  AUTOMATION  SOFTWARE  automates  assignments,  billing 
and  invoicing,  time  sheets  and  similar  kinds  of  labor  germane  to  professional  services  companies.  The 
systems  help  a  company  closely  track  what  work  employees  are  doing  and  see  at  any  given  moment 
how  resources  are  being  used — all  the  better  for  deploying  the  workforce.  Problem  is,  employees 
often  balk  at  using  it.  Frustrated  CIOs  have  learned  that  to  make  the  software  pay  off,  they  must 
start  with  a  thorough  understanding  of  their  company’s  corporate  culture  and  how  the  company 
assigns  work.  They  need  to  capture  how  employees  report  their  progress  on  assignments,  note  time 
spent  on  each  project  and  bill  for  their  work.  Most  fundamentally,  the  intended  users  must  be 
convinced  up  front  that  the  benefit  is  worth  their  cooperation. 


Corporate  and  University  Research  Partnerships  By  Ben  worthen  I  100 

CIOS  WILLING  TO  INVEST  THE  TIME  CAN  TAKE  advantage  of  the  accelerating  rate  of 
practical  IT  innovation  happening  in  university  research  labs  today.  The  payoff  could  be  early  access 
to  new  products  or  technologies — and  real  competitive  advantage.  Hundreds  of  colleges  and  universi¬ 
ties  offer  access  to  research  through  their  Offices  of  Technology  Licensing.  Companies  work  with 
schools  in  three  ways:  directly  funding  research;  licensing  a  research-quality  technology  directly  from 
the  school;  and  funding  the  graduate  students  or  professors  who  created  the  research  so  that  they  can 
start  their  own  companies.  Ford  funded  a  professor  at  MIT  to  develop  a  company  around  a 
university-developed  design-sharing  technology  that  works  across  CAD  systems  and  allows  compa¬ 
nies  to  share  only  parts  of  a  file — keeping  other  sections  hidden. 


13  0  CIO  MARCH  15,  2002 


www.cio.com 


Workforce  Productivity 


4 


Before 


X 


After 


Web-based  labor  management  solutions  for  the  entire  workforce  —  configurable,  scalable,  real-time. 
Discover  how  you  can  improve  your  productivity  at  www.kronos.com/offer/solutions,  or  call  1  -800-225-1 561 ,  ext.  8103. 

KRONOS 

Improving  the 
Performance  of 
People  and  Business'” 


©2001.  Kronos  Incorporated,  Kronos  and  the  Kronos  logo  are  registered  trademarks  and  "Improving  the  Performance  of  People  and  Business"  is  a  trademark  of  Kronos  Incorporated.  All  rights  reserved.  Printed  in  the  U.S.A. 


YOU'RE  PROTECTED  AGAINST  HACKERS,  VIRUSES  AND  WORMS. 

BUT  WHAT  ABOUT  ROSE  IN  BENEFITS? 


eTrust"  Security  Solutions 

Complete  protection  for  your  entire  enterprise. 

When  it  comes  to  protecting  your  business,  you  need  security  that  can  protect  your 
enterprise  from  potential  threats,  no  matter  where  they  may  come  from.  That's  exactly 
what  eTrust  does.  Our  family  of  products  allows  you  to  not  only  safeguard  your  entire 
enterprise,  but  also  view  and  manage  that  security  either  centrally  or  from  multiple 
delegated  locations.  So  you  can  continue  to  grow  and  maximize  new  opportunities 
while  minimizing  your  risk.  And  that's  security  you  can  feel  secure  about. 


Computer  Associates™ 


HELLO  TOMORROW  WE  ARE  COMPUTER  ASSOCIATES 


THE  SOFTWARE  THAT  MANAGES  eBUSINESS 


TM 


ca.com/etrust 


©2001  Computer  Associates  International,  Inc.  (CA).  All  trademarks,  trade  names,  service  marks,  and  logos  referenced  herein  belong  to  their  respective  companies. 


